The Ashley Madison postmortem continued, with Trend Micro uncovering apparent spams that were being used by the company in conjunction with fake user profiles – and some suggesting that the way the firm's developers had stored sensitive credentials allowed hackers to slip past their defences and crack 11.2 million passwords. Such source-code analysis is proving to be a treasure trove for hackers, with one cyberespionage group caught borrowing code from a leaked online banking Trojan.
With all this talk about privacy breaches, it's little wonder that an Australian smartphone platform, designed from the ground up for security and anonymity, has been catching on here and overseas. Such protections are proving invaluable for users – who face increasing threats as new Android ransomware emerges with the ability to change a user's PIN code.
The government's Digital Transformation Office (DTO) has been recruiting ethical hackers as part of its core digital team, with the job description offering great insight into what's expected of cybersecurity professionals these days.
In the wake of yet another healthcare hack – exposing some 10 million records – protection against cybersecurity is on the front of every executive's mind. Yet while cybersecurity insurance has been catching on slowly, there are still many questions about proper policy construction and risk management – which is why policies endorsed by industry peak bodies may provide some guidance.
Also providing guidance was a joint parliamentary committee on law enforcement, which recommended in a study that the Attorney-General's Department review the rules by which fraud victims are granted legal recognition.
On a different note, Africa's efforts against cybercrime were gaining momentum as Tanzania enacted a cybercrime law. World-class technology institution MIT – the birthplace of the World Wide Web Consortium (W3C), among other things – may also want to get stricter about security, after coming in dead last on a survey of 485 universities' security.
Adding a new chapter in the car-hacking annals, car maker Fiat Chrysler voluntarily recalled 7810 4WDs over issues with their software that could leave them vulnerable to hacking. Security vendor Kaspersky pushed out an emergency patch for a critical vulnerability discovered in its software – but an antivirus hacker with Google – itself fighting ad-injection attacks – said there would be more vulnerabilities to come.
Vulnerability disclosure is a touchy business, with security firm FireEye suing a collaborator over the handling of a disclosure over a popular product. In a relatively rare incident, hard-drive maker Seagate issued an emergency patch for its wireless external hard drives. Less rare was the revelation that a bug in Microsoft Office, which was included in the company's September patch Tuesday updates, was being used in limited attacks on customers – or the patch for yet another Hacking Team zero-day exploit.
Messaging giant WhatsApp was also patching, fixing a flaw in its Web application that could be used to trick people into installing malware. This was yet another reminder that companies need to be comprehensive in their patching efforts and not just focus on the main platforms, with some 2211 new software vulnerabilities discovered in the past quarter alone.
Despite all these breaches, the number of private records compromised by data breaches has declined by 41 percent during the first half of the year compared with last year, according to one survey. Yet the ingenuity of hackers continues, with the Turla cyberespionage group said to be hijacking satellite-based Internet connections to hide their servers from law-enforcement agencies.
There were suggestions that North Korea was behind attacks on a word processor popular in South Korea. Also in government news, security experts were sceptical about a proposed threat intelligence sharing bill.
Blast from the past?
Try our new Space Invaders inspired video game NOW.
What score can you get ?
- Next-Generation Cyber Security for the Future
- Australian workers' password laziness, device crossover compromising corporate data protections: survey
- Does the board level need to lawyer up about data breach protection?
- Sex, lies and cybercrime: reducing the threat and cost of data breaches
- Endpoint protection pitched as alternative for unpatchable EOL Windows systems
- Is Facebook's hacker alert system linked to Russian Flash Player threat?
- How to spot the difference between targeted attacks and APTs
- No gag order this time: FireEye patches bug triggered by email