The week in security: Was it the FBI's Apple data, or not?

Corporate security culture came under scrutiny as KPMG suggested that the absence of mandatory data-breach notification legislation has left many Australian companies tight-lipped about the breaches they suffer.

Talked about or not, it's still happening: a bank refunded $12,000 to a victim of ATM 'skimming', while two executives at an ATM-owning company were jailed for a racket that stole US$4.8m from a Rhode Island bank.

Financial motivations weren't the only thing hitting the news: a hacktivist stole data from three UK Police Web sites, apparently as a show of support for Julian Assange. Support for Assange also drove DDoS attacks on UK, US and Swedish government Web sites.

Crimes of this kind were also the subject of a new manual on how international law applies to cyberwarfare. Elsewhere, there were revelations that certificate authority Comodo was tricked into issuing a code-signing certificate to a banking Trojan distributor, and that 1 million Apple device IDs (UDIDs) had been leaked, allegedly after being stolen from an FBI agent's laptop.

The FBI denies it was the source, but some suggest it would be hard to fake the information.

Breaches are certainly happening all the time: storage firm Imation, for one, reported that public-sector organisations have driven a tenfold rise in data breaches since 2007, while a separate survey found that encryption usage has grown by 20 per cent a year since 2008.

Straight from the vulnerabilities department, researchers found a critical vulnerability in the latest Java 7 security update, only days after it shipped. Coming alongside an Apple update to fix Java security issues, it prompted some to ask whether it is finally time to drop Java altogether. But Java may only be the tip of the iceberg: an Avecto survey suggested that most IT professionals have no idea what software is running on their networks, which is particularly worrying given that many organisations let younger workers run applications with full administrative privileges simply to avoid incurring their wrath.

Meanwhile, new vulnerabilities were disclosed in industrial switches made by Siemens subsidiary RuggedCom. Linux and Mac OS X users were being targeted by a password-stealing Trojan called 'Wirenet', while a security firm suggested the destructive 'Wiper' malware was linked to the earlier Duqu attack.

Broadcaster Al Jazeera suffered a DNS hijacking attack, while a Bitcoin exchange was crippled by a $250,000 loss after unencrypted wallet keys were stolen.

Virtualisation vendor VMware offered an interesting take on smartphone virtualisation, unveiling a new platform for device and application mobility, which it reportedly achieved by working around iOS security restrictions to create virtual workspaces.

Facebook was going on the offensive against scammers, eliminating fraudulent 'Likes' that inflate a page's perceived importance. Facebook users may be surprised at the results of a Secure.me browser plug-in that tells them what information is being collected by third-party applications.

Russia's Defence Ministry seems to have already noticed the alarming level of detail Android devices send back to Google, and has released a new tablet for Kremlin users that runs a version of the malware-prone operating system modified to strip out its back-to-base reporting.

They're not the only ones: even as privacy advocates backed the EU's proposed privacy rules, a survey found that mobile users are seriously concerned about the privacy of their data.

And, just slightly westward, Germany's federal police are recruiting to develop their own surveillance software to help in investigations.

Meanwhile, with the anniversary of September 11, many were questioning whether the US government's cybersecurity efforts are going to be enough. Some said a presidential Executive Order, issued in lieu of a congressional consensus, might have some interim effect, but the jury is still out on its long-term impact.

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.