Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.
The Tanium 10 for the week ending December 22, 2017:
- The United States publicly blames North Korea for last May’s WannaCry cyberattack (subscription required) and claims to have evidence to back up its allegation. The U.S. isn’t alone in pointing fingers at the DPRK. The United Kingdom, which had its National Health Service compromised by the attack, also blames North Korea.
- Because bad guys need to be productive, too. The largest data dump ever comes complete with its own search tools and scripts to make it easy for bad actors to find the info they’re looking for. The dump reportedly aggregates the results of 252 breaches for a grand total of 1.4 billion email addresses and credentials. The data is organized alphabetically and updated regularly. The anonymous keeper of the database accepts “donations” in Bitcoin and Dogecoin.
- Amazon Web Services (AWS) now offers Single Sign-On (SSO). The cloud service allows central management of SSO access to multiple AWS accounts and business apps.
- The final Patch Tuesday of 2017 included security updates from none other than Microsoft and Adobe. Redmond offered fixes for 30+ vulnerabilities in Windows and related software, including an update on its Malware Protection Engine. The newest Flash update from Adobe is 126.96.36.199, but Flash remains a security concern, according to Brian Krebs.
- Moscow-based Kaspersky Lab is suing the United States to rescind the Department of Homeland Security order banning use of the security firm’s software on government computers. The ban was instituted over concerns that the software could enable Russian espionage and threaten national security. The suit claims Kaspersky was deprived of its right to due process because it wasn’t given a chance to challenge the ban before it was issued.
- File under: “it has a good beat, you can dance to it.” Cryptocriminals found an intriguing, if laborious, way to launder ill-gotten Bitcoins into dollars. The perpetrator produces a digital song and finds a music publisher willing to sell it for them in the Apple iTunes store. The perpetrator then uses stolen iTunes cards to buy his own song, prompting the music publisher to issue royalty checks — you know, the kind based on cold, hard cash and accepted at banks everywhere.
- Speaking of music…You can probably recognize Todd Rundgren‘s song “Hello It’s Me” as soon as you hear the first or second notes. Too bad Hello, a Windows 10 facial recognition security feature, lacks your recognition capabilities. Security experts at pen-test firm Syss found Hello can be spoofed with a photo of an authorized user.
- No signature required. American Express joins Mastercard and Discover in eliminating customer signatures on credit or debit card purchases in the U.S. and Canada come April 2018. Contactless payments and EMV chip technology, among other factors, make signatures unnecessary for security purposes.
- President Donald J. Trump outlined his administration’s first National Security Strategy in a speech entitled “Making America Safe.” The wide-ranging speech makes glancing mention of cybersecurity, while the strategy document itself covers initiatives such as information sharing, securing critical infrastructure, strengthening public-private partnerships, and modernizing federal tech.
- Are Internet of Things (IoT) devices becoming the next Bring Your Own Device headache for IT and security pros? In an article for Harvard Business Review, Yevgeny Dibrov, founder and CEO of Armis Security, an IoT security startup, writes “We recently found that 82 percent of our enterprise customers have Amazon Echos in use, which are almost always in an executive’s office.”
And another thing…
The Selfieccino. Yes. It’s a thing. A London cafe offers customers a cappuccino or hot chocolate with their image on the frothy topping of their drinks. Now even your cup of coffee needs to be “Instagram worthy.”
Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.