The week in security: Apple security scrutinised as mobile, IoT threats loom

The role of government in cybersecurity defences continues to morph, but there were interesting revelations that GCHQ employs 120 dyslexic and dyspraxic analysts to help in its fight against terrorism, while British PM David Cameron appointed a special envoy in charge of intelligence and law-enforcement data sharing. Interestingly, however, even as scrutiny of data sharing increases, Yahoo! reported that government requests for data had dropped overall, while one Australian cybersecurity expert said businesses and governments were increasingly seeking a collaborative approach to bolster overall cybersecurity profiles.

Given all the furore over data-sharing legislation in Australia and elsewhere, it may come as a surprise to many that the majority of Australians believe data retention is acceptable as long as access to the retained data is tightly controlled. But there, as they say in the classics, is the rub: those responsible for information security are turning to established governance platforms such as COBIT 5 to ensure they can provide that tight control. Others were turning to events such as CSO's third and final CSO Perspectives roadshow, held in Sydney to strong turnout for an interesting and varied program.

Cloud-computing platforms are contributing to the problem as much as the solution, some warn, but a new survey showed that Australian businesses use cloud services even though they fear their security – or lack thereof. Mobiles aren't helping much either: security researchers discovered [[xref: contain the same vulnerability that recently led them to recommend users avoid the stock Android browser.

This might not help the spirits of those who think we are on the cusp of putting a dent in the flood of data breaches, but it puts Android in the same boat as users of the iPhone 6 – which, some warn, is .

Even as some people turn to the Tor anonymous browsing tool to anonymise their browsing habits, secure smartphone project Blackphone was offering a $US128 ($A146) bounty for security flaws detected in its code and reported to the project (the director of the FBI seems to consider the entire phone a problem with reports that encrypted smartphones had been flagged as a serious concern).

Meanwhile, some users were testing the limits of the privacy features of Apple's new iOS 8 operating system. Data recovery from iOS devices is also improving, according to some data-recovery specialists. Others were weighing up the security of the iPhone 6 fingerprint scanner as a mechanism for controlling access to the Apple Pay payments system – some found it severely wanting – while considering Apple's success in outsmarting potential attackers and thieves.

Others were more focused on Apple's success – or lack thereof – in updating its newly released iOS 8 mobile operating system, which ran into troubles after the 8.0.1 update was found to be causing major problems for users. As if Apple needed another security headache to deal with, a new vulnerability in Mac OS X and Linux called Shellshock was said to be “bigger than Heartbleed”.

Apple played down the threat but security administrators were sent scurrying to weigh up its implications, with some security experts offering advice and others warning that hackers were testing out the new techniques as they prepared to mount a larger offensive.

Some researchers claimed they had figured out a great way to outsmart malware by sifting through Web sites for just two common giveaways, while Russian police found a better way to combat malware by arresting two people suspected of running an Android campaign that was funnelling funds to them. The success of such mobile campaigns is worrying, but with smartphones and tablets being wiped at a rate of one every three minutes, according to figures from Fiberlink, it's not hard to figure out why they're so successful.

Read more: Businesses, governments value local skills in joint malware fight: BAE SAI

DDoS attackers had turned their attention to gaming hosts, ISPs and large enterprises, according to new figures from Chinese vendor NSFOCUS. Other DDoS monitors were warning that network operators needed to get more proactive in helping the fight against DDoS attacks.

Cisco tapped into its Sourcefire acquisition to build intrusion protection and other security features into its 5500 series firewalls, even as McAfee overhauled its antivirus and security software suites.

Yet such protections may be at risk of becoming mundane as the new Spike malware kit works to target new Internet-connected routers, smart thermostats, smart dryers and other Internet of Things (IoT) elements – creating new headaches in the form of massive botnets made up of common household appliances.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags directors for CSO AustraliaIoT threats loomNSFocusgovernance platformsApple securitysecurity administratorsGCHQAustralian businessesRussian policeblackphoneAndroid browsersLinuxDDoS attackersShellshockSourcefire acquisitionMac OS Xlaw-enforcement data sharingCSODavid Cameron (British PM)privacyFiberlinkEnex TestLabiphone 6information securityciscoCloud-computingdata retentionCOBIT 5CSO AustraliaApple Paysecurity software suitesApple iOS 8smartphonecybersecurity

More about AppleCSOEnex TestLabFBIGCHQLinuxYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place