The week in security: Apple security scrutinised; certifications to boost cloud appeal

Security pundits were poring over Apple's new Yosemite operating system, with some noting that the revised Spotlight service was sharing search terms by default; Apple responded by arguing that the Spotlight Suggestions feature was in fact not violating user privacy, even as other onlookers warned that Yosemite's version of TextEdit would upload unsaved TextEdit documents to the company's iCloud service.

Yet Apple did concede that there had been attacks on its iCloud service, after China allegedly moved to intercept customer information from the service and CEO Tim Cook met with a Chinese official to push the case for better user privacy.

Apple announced it would stop using SSL 3.0 for push notifications, while the growing awareness of its Apple Pay payment infrastructure raised questions about whether NFC spoofing techniques would work with Apple Pay. Some were optimistic about its potential to boost the usage of similar services on Android devices, while others were focused on helping users remain as secure as possible in the Apple Pay world.

With criminals trading 110 million stolen credentials in 2014, US president Barack Obama has mandated chip-based credit card security with an Executive Order, even as US office-supplies giant Staples confirmed it is the subject of a data-breach investigation. Security firm FireEye said that British and German government, energy, finance and telecoms organisations were the most popular European targets for hackers while Symantec reported a rise in high-volume DDoS attacks.

Akamai saw the size and volume of DDoS attacks setting records, while 'Backoff' malware was spreading and CryptoWall ransomware encrypted a US company's entire server installation.

Researchers were warning that network-attached storage (NAS) devices are filled with vulnerabilities, while a new commercial exploit kit called Fiesta was already taking advantage of a brand-new vulnerability in Adobe's Flash Player. Microsoft disclosed a zero-day flaw that hits most versions of the Windows operating system – and published a quick fix for it – while new Android 'Koler' ransomware gained the ability to […] and proceeded to spread across the US. A massive malvertising campaign was delivering ransomware to Yahoo, AOL and other popular sites.

Speaking of SMS spam, a group of text-message spamming companies agreed to pay $US9 million in penalties after a formal US government investigation. Europe launched its own fight against digital criminals as a new European Commission organisation was created to focus on regulation in the digital domain.

Google began allowing users to protect their accounts against password compromises by providing two-factor authentication to its Chrome browser based on USB keys. Identity, after all, is the key to security.

Even as one security executive warned that Australian businesses were “struggling” to keep up with the security risk from cloud and mobile environments, some were arguing that better government regulation around cloud security would boost the use of software as a service (SaaS) models in healthcare environments.

Also aiming to bolster the use of cloud services in sensitive environments were vendors like CipherCloud and Senetas, which achieved new government certifications they hope will promote the secure use of new services by high-profile government organisations.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
