New Year, (not so) new security problems. And what a year it’s been! From the Meltdown/Spectre fallout to the rise of cryptojacking, to rumors of Dell buying itself back public, 2018 has been a hell of a year for the IT space—and it’s only been a month. In this edition of Defrag This, hosts Greg Mooney and Jeff Edwards break down the biggest tech stories of January 2018.
Strava: Fitness App or OpSec Nightmare? Why Not Both!
Strava, a popular fitness app that touts itself as “the social network for athletes,” lets millions of users worldwide time and map their workouts and post them online. Pretty cool right? Not for the U.S military. In November, the company published a global heat map, which showed the movements of people who posted their workouts publically. Now, security researchers have discovered that several overseas US military bases were mapped in detail by app users, a disastrous operational security fail for Uncle Sam.
(h/t The Guardian)
JACKPOT!: ATM Hack Causes Machines to Spew Cash
Criminals across the US have stolen millions of dollars from ATMs over the past month via an attack vector dubbed ‘jackpotting,’ which causes the machines to spew out hundreds of bills like a slot machine that’s hit the jackpot. Attackers load the ATM with malware—typically windows malware Ploutus-D—and watch the fireworks. Opteva 500 and 700 series machines are the most vulnerable, though any machine running Windows XP is particularly at risk. Three suspects have been arrested in connection with the attacks.
Google Releases Cert. for IT Support Professionals
A potential game-changer for IT pros, Google has released its own certificate for Google IT Support Professionals. Google released coursework for the self-paced on Coursera, with pricing at a modest $49 per month. Course titles range from technical support fundamentals to IT automation and security.
Dell Might Sell Itself to Itself (VMware) in Massive Deal
The former big-time personal computing ‘dudes’ at Dell are reportedly considering a reverse-merger with VMware—which Dell controls with an 80% stake. The deal, which would be one of the biggest in tech history, would allow Dell to be traded publicly without going through a formal listing process. Dell went private in 2013, as you may remember, as a way of paying down some debts.
Cryptojacking Hits the Big Time, Annoys Users Everywhere
Okay so maybe I missed this one in my predictions for Emerging Cybersecurity Threats in 2018, but with all the buzz surrounding cryptocurrency, it should be no surprise the bad actors have found another way to get in on the action. Cryptojacking works by—you guessed it—hijacking unwitting web users processing power and using it to mine cryptocurrencies. This is typically achieved with scripts that run behind the scenes on websites.