The week in security: Is Apple to blame for breach, or SMS?

What's the best way to ensure your data isn't compromised in the cloud? Encrypt everything and don't let your cloud provider have the password, advises one security expert. You can even encrypt Android devices with FIPS 140-compliant technology now available.

Yet while you can run, you may not necessarily be able to hide: the online threat profile continued unabated, with revelations that Crisis malware can even infect VMware virtual-machine images; Microsoft warning about password-stealing 'man-in-the-middle' attacks based on vulnerabilities in its MS-CHAP authentication protocol.

The standoff over Julian Assange, predictably, became the latest cause celebre for hackers as Anonymous targeted the UK Ministry of Justice. It was a successful attack – as was the high-profile laptop hack and data recovery of tech journalist Mat Honan – although authorities were a bit less convinced by another threat to hack NASA's Mars Curiosity rover.

Apparently responding to a French hacker's claims he has found a flaw in the iPhone's implementation of SMS, Apple was warning customers that SMS messages are insecure and that – surprise, surprise – customers concerned about security should use its iMessage service instead. Security experts, of course, rushed to offer their perspectives and advice on the issue (many were unimpressed), and on security in general. But it didn't take long for Android to suffer its own attack as a reported 500,000 Chinese users were infected with the 'SMSZombie' backdoor malware attack; it can be no surprise that BYOD strategies are causing security types to revisit mobile data protection strategies.

Turns out the practice of cracking popular apps, riddling them with malware and re-posting them to trick unsuspecting Android users has become hugely popular, according to a new study. The US Department of Justice took the interesting step of seizing three sites for alleged copyright violations around pirated Android apps, but it's the tip of the iceberg. Little wonder companies like McAfee are redoubling their efforts to secure the platform, although McAfee created its own problems after an update to its antivirus products crippled many users' computers. Others were worried about technology's dark side – new devices designed to harm users – or inadvertent compromises of common technology such as in-car systems.

Meanwhile, Siemens was flagged for a complex security hole and Adobe reinforced concerns over existing technologies as it patched six serious flaws in Flash – which some warn is "under siege" as hackers launched a malware attack to capitalise on Google's decision to stop distributing the platform through Google Play.

As analysis of the Shamoon malware suggested it may be related to the recent Saudi Aramco attack and analysis of Gauss malware turned up some surprising conclusions, security types are working to improve defences against rootkit attacks with new BIOS security standards. And all this talk about data security has many executives nervous, with boardrooms becoming increasingly aware of security considerations. As they should: the string of high-profile security issues continued as it was revealed authorities are looking into concerns about the security of retail giant Tesco's website.

Time will tell whether security concerns hobbled ad agency Facedeals, which is testing the boundaries of privacy with an app that targets local ads at potential customers as they walk through the doors of a retail shop. But with data security and privacy clearly a growing issue, you'd hope that authorities could get their acts together and figure out how to collaborate to shut down hackers, but conflicts over the procedures for the recent multinational effort to take down the DNSChanger malware showed that things are often not as smooth as you'd hope.

Even as a German man was given seven years in prison for online fraud and LulzSec turncoat 'Sabu' was given a six-month sentencing delay, London police were warning users to use paper maps rather than smartphone maps to avoid becoming targets for thieves. Those concerned about smartphones' use of personal data got a new cause for concern after it was revealed that apps for US presidential candidates Barack Obama and Mitt Romney "suck up" personal data.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts