The week in security: Anonymous claims hack, GoDaddy claims router stuff up

Can you really trust your IT staff? Turns out one in five has been accessing executives’ confidential data, according to one new study. Another case has emerged in which two US lawyers were found to be profiting from the hijacking of public companies' identities.

But that's not the only problem organisations face: a study from software certification firm OPSWAT has found antivirus programs are often poorly configured, while a separate report suggested that over half of Android smartphones and tablets have unpatched security vulnerabilities .

A survey of UK Web sites has found most only give visitors a minimal amount of information about their use of cookies, while there were more suggestions the US government is laying a technical framework to track its citizens' movements online. The five-year extension of a controversial surveillance law by the US House of Representatives did little to quell those concerns.

Speaking of tracking citizens: even though Google is offering do-not-track support in its Chrome browser, advertisers have been especially up in arms over Microsoft's decision to block user tracking in its Internet Explorer 10 browser, and it's now emerged that Apache Web servers will simply ignore the setting . Looks like Microsoft just can't win – especially when it was revealed that new computers being sold in China were saving hackers even more time by shipping with malware preinstalled .

Microsoft eventually downed that botnet , called Nitol , and was also busy patching a Windows 8 Flash bug before the operating system is released, while Apple fixed 163 security flaws in its WebKit browser engine.

Even as AISA was gearing up for its national conference and soliciting nominees for its AISA Information Security Awards, a number of new security tools hit the streets including Black Lotus' new DDoS mitigation service , AVG's cloud-scanning and touchscreen-driven 2013 suite , a broad security upgrade from HP, a URL-scanning acquisition by Google, and a slew of security-product upgrades from Cisco.

There were, as always, new exploits aplenty: a new Mac malware, for example, is stealing passwords while it emerged that the Taliban is using "sexy" Facebook profiles to trick Australian troops into giving up their secrets.

Domino's Pizza's Indian operation said its website had been hacked , while security researchers found a botnet command-and-control server running inside the anonymous Tor network. Details of the new CRIME attack emerged. And, adding to the fun, the creator of the Blackhole exploit kit released a new, stealthier version.

Ireland was struck by new ransomware purporting to come from national police service Garda, while a new app shows that perpetrating SMS fraud is gaining in popularity. Also popular is Harry Potter actress Emma Watson, who has been given the dubious honour of being named the most dangerous celebrity to search for online: search for her name and you've got a 12 per cent chance of coming up with malware.

Online-services site GoDaddy had a busy week after hackers rushed to claim responsibility for a four-hour service outage; a later apology from the company, which brought the site back online ASAP, confirmed the cause was actually technical. Hackers were similarly red-faced after their claims to have hacked an FBI laptop containing stolen Apple IDs proved false; turns out the UDIDs were stolen from a digital publishing firm called BlueToad.

But that doesn't mean hackers haven't had enough wins to make people assume the worst when something happens – but sometimes it doesn't even take a hacker. Turns out you can also get personal information from rubbish bins – although it will cost the person that's supposed to be looking after them. The Scottish Border Council learned this the hard way after copping a £250,000 ($A384,000) fine when an outsourcer dumped paper copies of digitised pension records in the bin.

Along similar lines, UK firm Companies House will be reviewing its systems after a security firm said it has been storing customer passwords in plaintext on its servers. No wonder the EU has established a permanent Computer Emergency Response Team (CERT-EU), which was matched by a similar announcement as the UK's GCHQ launched a new academic research institute to investigate the "science of cyber security".

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts