The week in security: Companies pressured to act on breaches

News of new security breaches continued to roll in throughout the week, with the Australian Securities and Investments Commission (ASIC) kicking off the week with a warning that users of online stockbroking services should review their security, change their passwords, and ensure all software was current. Seems someone has been poking their heads where they shouldn't be, and ASIC is eager to prevent any more unwanted intrusions.

Speaking of intrusions, authorities in Europe are set to overhaul that region's 1995 Data Protection Directive with a focus on shortening reporting times when security is breached. Under the new guidelines, companies will be given just 24 hours to fess up to their customers – much shorter than customers were left waiting during recent attacks such as the Sony, Stratfor and other hacks.

Looks like they're concerned about improving the responsiveness of efforts to quickly stop the likes of Andrey N. Sabelnikov, a Russian developer and apparent photography fan whom Microsoft this week fingered as the developer of Kelihos malware. There's no telling, however, whether all companies will be as forward as Symantec, which this week warned all customers of its pcAnywhere remote-access product to stop using it because its source code has been leaked to the blackhat community.

There's no telling what they might do with that source code, but there were warnings of more imminent problems as revelations emerged that many companies are configuring their building management systems (BMSes) with no security beyond a simple password-protected Web login. That would make it easier than ever to put the heat on a target company – literally – although hackers were much subtler when they planted text and image files on the Governor-General's Web site which, it was this week revealed, had been publicly accessible online for the past 10 months.

Social application Grindr was also feeling the heat after the Sydney Morning Herald reported that a hacker had found a way to log into the site as a different user and send messages, chat and send photos on their behalf. Given that Grindr is targeted at homosexual men and has more than 100,000 Australian users – many of whom have shared compromising photos and would hardly want their personal information exploited – the company has moved quickly to fix the bug in the site and its heterosexual sister site Blendr.

The week progressed amidst warnings of a growing worldwide cyber-warfare threat, while figures released closer to home revealed that authorities were granted over 243,000 telecommunications interception warrants in the 2010-2011 year. On a similar note, Greens senator Scott Ludlam was warning that ISP data-retention proposals are still very much on the table and even went as far as to claim his mobile phone was being tapped. That one was the subject of debate – but not so a malware attack that found a legitimate small business banned from Google AdWords after its hosting provider was compromised by malware and blackballed online. Just goes to show that online, collateral damage can be significant and unintended.

Stories by David Braue
