The week in security: 600,000 reasons for Mac users to be afraid

Cyber-attacks may have been adjudged to be one of the most serious security threats facing the world, and the nasties out there were certainly doing their part to make sure we didn't forget it. Credit-card payments processor Global Payments said that fewer than 1.5 million cards were affected by the recent data theft, but struggled with its corporate messaging in the wake of the significant breach. Authorities are definitely playing catch-up, as revelations emerged that one UK hacker was using hacked accounts for 20 months before he was busted and ultimately jailed for 26 months.

News of an unpatched Java vulnerability in Apple's Mac OS X led to a rapid patch to fix what is being hailed as perhaps the most serious attack yet on the operating system, via Flashback malware that's estimated to have infected more than 600,000 Macs (although some have questioned the numbers). Mozilla was also thinking about Java, blacklisting unpatched versions of the runtime environment from the Windows version of Firefox.

Meanwhile, another piece of malware, called Ice IX, was found to be tricking Facebook users into exposing their credit card details. Security firm Sophos took down a partner portal after it discovered signs suggesting the server hosting the portal had been breached. And while overall spam volumes were down by some measures, a fake US Airways email, masquerading as an online check-in confirmation, was distributing malware based on the ZeuS Trojan.

Vendors were doing their part to try to organise the industry's response to what has become a steady flow of malware. against several of its "most aggressive tool providers and spammers", while Adobe Systems released an open-source tool for classifying malware, and ARM joined Gemalto and Giesecke & Devrient to develop a common security standard for connected devices like tablets, smart TVs, games consoles and smartphones.

Some were questioning whether authorities should be looking into pre-installed antivirus "scams". The European Union's European Network and Information Security Agency (ENISA) offered a guide for improving security in cloud-computing contracts, while security vendor Sophos strengthened its capabilities with the purchase of mobile device management vendor Dialogs.

Mobiles could definitely use better management if the privacy violation masquerading as Girls Around Me, a new app that locates females in the vicinity, is any indication. Its makers copped criticism after the app's information sharing was slammed as a tool for stalking. US authorities were also homing in on Upromise, a university-savings site that was installing a browser toolbar on visitors' computers. The US-based Center for Democracy and Technology was also beating the privacy drum, warning that proposed US cyber security bills raised all kinds of civil-liberties concerns even as security bods gathered in Washington, D.C. to share the .

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

More about Adobe SystemsAdobe SystemsAppleetworkFacebookGemaltoMacsMozillaSophosTechnologyUpromiseUS Airways

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place