The week in security: Was it the FBI's Apple data, or not?

Reports were questioning corporate security culture as KPMG suggested a lack of legislation around mandatory data breach notifications has left many Australian companies tight-lipped on the subject.

Talk about it or not, it's still happening: A bank refunded $12,000 to a victim of ATM 'skimming', while two executives at an ATM-owning company were jailed for a racket that stole $US4.8m from a Rhode Island bank.

Financial motivations weren't the only thing hitting the news: a hacktivist stole data from three UK Police Web sites, apparently as a show of support for Julian Assange. Support for Assange also drove DDoS attacks on UK, US and Swedish government Web sites.

These and other crimes were the subject of a manual on how international law applies to cyberwarfare. Case in point: revelations that certificate authority Comodo was tricked into selling a code-signing certificate to a banking Trojan distributor, or the leaking of 1 million Apple user IDs said to have been stolen from an FBI agent's laptop.

The FBI denies it was the source, but some suggest it would be hard to fake the information.

Breaches are certainly happening all the time: storage firm Imation, for one, reported that public-sector organisations have driven a tenfold rise in data breaches since 2007, while a separate survey found that encryption usage has increased 20 per cent annually since 2008.

Straight from the vulnerabilities department, researchers found a critical vulnerability in a new Java 7 security update. Reinforced by an Apple update to fix Java security issues, some started to ask whether Java's time has come at last. But Java may only be the tip of the iceberg: an Avecto survey suggested that most IT professionals have no idea what's running on their networks – particularly worrying since many organisations let young workers run applications with full administrative privileges just to avoid incurring their wrath.

Meanwhile, Siemens arm RuggedCom discovered new vulnerabilities in its industrial switches. Linux and Mac OS X users were being targeted by a password-stealing Trojan called 'Wirenet', while a security firm suggested the nefarious 'Wiper' worm was linked to the previous Duqu attack.

Broadcaster Al Jazeera suffered a DNS attack, while BitCoin was crippled by a $250,000 loss after unencrypted security keys were stolen.

Virtualisation vendor VMware had an interesting take on smartphone virtualisation, unveiling a new platform for device and application mobility after (allegedly) gaming iOS security to create virtual workspaces.

Facebook was going on the offensive against scammers, eliminating fraudulent 'Likes' that inflate a page's perceived importance. Facebook users may be surprised at the results of a browser plug-in that tells them what information is being collected by third-party applications.

Russia's Defence Ministry seems to have already noticed the alarming level of detail going back to Google – and has released a new tablet for Kremlin users that runs a version of malware-prone Android that has been modified to take out the operating system's back-to-base reporting.

They're not the only one: even as privacy advocates backed the EU's proposed privacy rules, a survey found that mobile users are seriously concerned about the privacy of their data.

And, just slightly westward, Germany's federal police are recruiting to develop their own surveillance software to help in investigations.

Meanwhile, with the anniversary of September 11, many were questioning whether the US government's anti-cybersecurity efforts are going to be enough. Some said a presidential Executive Order, issued in lieu of a congressional consensus, might have some interim effect but the jury's still out on its long-term impact.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts