The week in security: Mobile app security, board oversight questioned as cybercriminal guile grows

Company boards need to be subjected to the same sort of security controls as everyone else, experts are warning, since those boards represent a high proportion of corporate crime. Some wonder whether their insurance policies will cover the fallout, particularly with cybercrime incidents exploding and 4 out of 5 healthcare organisations, for example, already having been breached; even encrypted medical databases, we are told, are leaking information.

With a new ruling allowing US consumer-rights agency the Federal Trade Commission to take action against businesses for cybersecurity breaches on consumers' behalf, pressure on the boardroom is only getting stronger and even small companies need to get more proactive about protecting themselves. Yet with many users struggling to do even basic things like remember their passwords – prompting the NIST to look forward to contactless fingerprint readers – they may increasingly want to heed the advice of one mathematician who thinks he has the answer.

New malware called KeyRaider was said to have compromised over 225,000 Apple accounts after targeting jailbroken iOS devices. Even when they're not jailbroken, however, a new survey found that unmanaged Apple devices can be a liability for corporates – particularly since businesses are generally failing to impose security controls on those devices.

Speaking of a lack of security controls, a range of popular Belkin Wi-Fi routers was found to be suffering numerous unpatched security flaws. Ditto a variety of baby monitors that can be hacked to allow video feeds to be hijacked or for the devices to be fully controlled.

Getting a lot of LinkedIn requests to connect recently? Be careful: an intelligence-gathering campaign has been targeting security practitioners to map out the professional networks of IT security experts.

The Ashley Madison hack continued to pay dividends for scammers – yet even as the OAIC warned that developers need to make their privacy messaging more child-friendly to get through to younger Web surfers, some wonder whether it's applications we should be focused on rather than networks; most businesses, one survey suggests, are already being compromised by employees loading as many as 35 different gambling applications on their phones.

Addressing concerns over mobile app security – which may be worse than we think as a new survey suggests that only half of developers actually build anything for mobiles, and many of them only infrequently – Qualcomm was spruiking on-device machine learning capabilities to help Android devices detect zero-day malware. Attivo Networks moved its attacker-deception technologies into the Amazon Web Services cloud, while HP built out its own machine-learning capabilities with new tools bulking out its enterprise security suite.

Back on the 'dark web', a new ransomware service called ORX was promising new headaches for users. A former US Secret Service agent admitted to stealing $US820,000 worth of Bitcoin during an investigation into vendors on the notorious Silk Road online markets. It's enough to make you wish there were a way to know which parts of the Internet to avoid – and yet, according to one study by Blue Coat Networks, there are a few domains where 95 percent of sites pose a possible threat to visitors – especially since criminals are, we're told, getting better at data extraction.

They're also getting better at hiding their tracks, with warnings that malware hiding in a computer's graphics processing unit (GPU) can be difficult to detect and another tactic taking local DNS hijacking to a new level. And they're getting bolder all the time, with a hacking group called Lizard Squad claiming responsibility for a DDoS attack on the UK National Crime Agency's Web site as revenge for the arrest of six of the team's customers. Little wonder that DDoS-fighting vendors like Nexusguard, which has redoubled its presence in the Australian market, are finding demand soaring.


Stories by David Braue
