The week in security: Mobile app security, board oversight questioned as cybercriminal guile grows

Company boards need to be subjected to the same security controls as everyone else, experts are warning, since those boards account for a high proportion of corporate crime. Some wonder whether their insurance policies will cover the fallout, particularly with cybercrime incidents exploding and 4 out of 5 healthcare organisations, for example, already having been breached; even encrypted medical databases, we are told, are leaking information.

With a new ruling allowing the US consumer-rights agency, the Federal Trade Commission, to take action against businesses for cybersecurity breaches on consumers' behalf, pressure on the boardroom is only getting stronger, and even small companies need to get more proactive about protecting themselves. Yet with many users struggling to do even basic things like remember their passwords – prompting NIST to look forward to contactless fingerprint readers – they may increasingly want to heed the advice of one mathematician who thinks he has the answer.

New malware called KeyRaider was said to have compromised over 225,000 Apple accounts after targeting jailbroken iOS devices. Even when they're not jailbroken, however, a new survey found that unmanaged Apple devices can be a liability for corporates – particularly since businesses are generally failing to impose security controls on those devices.

Speaking of a lack of security controls, a range of popular Belkin Wi-Fi routers was found to be suffering numerous unpatched security flaws. Ditto a variety of baby monitors that can be hacked to allow video feeds to be hijacked or for the devices to be fully controlled.

Getting a lot of LinkedIn requests to connect recently? Be careful: an intelligence-gathering campaign has been targeting security practitioners to map out the professional networks of IT security experts.

The Ashley Madison hack continued to pay dividends for scammers. Even as the OAIC warned that developers need to make their privacy messaging more child-friendly to get through to younger Web surfers, some wonder whether it's applications we should be focused on rather than networks; most businesses, one survey suggests, are already being compromised by employees loading as many as 35 different gambling applications onto their phones.

Addressing concerns over mobile app security – which may be worse than we think, as a new survey suggests that only half of developers actually build anything for mobiles, and many of them only infrequently – Qualcomm was spruiking on-device machine-learning capabilities to help Android devices detect zero-day malware. Attivo Networks moved its attacker-deception technologies into the Amazon Web Services cloud, while HP built out its own machine-learning capabilities with new tools bulking out its enterprise security suite.

Back on the 'dark web', a new ransomware service called ORX was promising new headaches for users. A former US Secret Service agent admitted to stealing $US820,000 worth of Bitcoin during an investigation into vendors on the notorious Silk Road online market. It's enough to make you wish there were a way to know which parts of the Internet to avoid – and, according to one study by Blue Coat Networks, there are a few domains where 95 percent of sites pose a possible threat to visitors – especially since criminals are, we're told, getting better at data extraction.

They're also getting better at hiding their tracks, with warnings that malware hiding in a computer's graphics processing unit (GPU) can be difficult to detect and another tactic taking local DNS hijacking to a new level. And they're getting bolder all the time, with a hacking group called Lizard Squad claiming responsibility for a DDoS attack on the UK National Crime Agency's Web site as revenge for the arrest of six of the team's customers. Little wonder that DDoS-fighting vendors like Nexusguard, which has redoubled its presence in the Australian market, are finding demand soaring.



Stories by David Braue
