The week in security: DTO recruiting hackers; secure Aussie phone catching on

The Ashley Madison postmortem continued, with Trend Micro uncovering apparent spams that were being used by the company in conjunction with fake user profiles – and some suggesting that the way the firm's developers had stored sensitive credentials allowed hackers to slip past their defences and crack 11.2 million passwords. Such source-code analysis is proving to be a treasure trove for hackers, with one cyberespionage group caught borrowing code from a leaked online banking Trojan.

With all this talk about privacy breaches, it's little wonder that an Australian smartphone platform, designed from the ground up for security and anonymity, has been catching on here and overseas. Such protections are proving invaluable for users – who face increasing threats as new Android ransomware emerges with the ability to change a user's PIN code.

The government's Digital Transformation Office (DTO) has been recruiting ethical hackers as part of its core digital team, with the job description offering great insight into what's expected of cybersecurity professionals these days.

In the wake of yet another healthcare hack – exposing some 10 million records – protection against cybersecurity threats is front of mind for every executive. Yet while cybersecurity insurance has been catching on slowly, there are still many questions about proper policy construction and risk management – which is why policies endorsed by industry peak bodies may provide some guidance.

Also providing guidance was a joint parliamentary committee on law enforcement, which recommended in a study that the Attorney-General's Department review the rules by which fraud victims are granted legal recognition.

On a different note, Africa's efforts against cybercrime were gaining momentum as Tanzania enacted a cybercrime law. World-class technology institution MIT – the birthplace of the World Wide Web Consortium (W3C), among other things – may also want to get stricter about security, after coming in dead last on a survey of 485 universities' security.

Adding a new chapter in the car-hacking annals, car maker Fiat Chrysler voluntarily recalled 7810 4WDs over issues with their software that could leave them vulnerable to hacking. Security vendor Kaspersky pushed out an emergency patch for a critical vulnerability discovered in its software – but an antivirus hacker with Google – itself fighting ad-injection attacks – said there would be more vulnerabilities to come.

Vulnerability disclosure is a touchy business, with security firm FireEye suing a collaborator over the handling of a disclosure over a popular product. In a relatively rare incident, hard-drive maker Seagate issued an emergency patch for its wireless external hard drives. Less rare was the revelation that a bug in Microsoft Office, which was addressed in the company's September Patch Tuesday updates, was being used in limited attacks on customers – or the patch for yet another Hacking Team zero-day exploit.

Messaging giant WhatsApp was also patching, fixing a flaw in its Web application that could be used to trick people into installing malware. This was yet another reminder that companies need to be comprehensive in their patching efforts and not just focus on the main platforms, with some 2211 new software vulnerabilities discovered in the past quarter alone.

Despite all these breaches, the number of private records compromised by data breaches has declined by 41 percent during the first half of the year compared with last year, according to one survey. Yet the ingenuity of hackers continues, with the Turla cyberespionage group said to be hijacking satellite-based Internet connections to hide their servers from law-enforcement agencies.

There were suggestions that North Korea was behind attacks on a word processor popular in South Korea. Also in government news, security experts were sceptical about a proposed threat intelligence sharing bill.


Stories by David Braue
