The week in security: Lack of staff driving creative recruitment; Out-securing Dropbox

Global cloud-storage giant Dropbox certainly has global market share, but that hasn't dissuaded competitors like Senetas from developing security-focused alternatives that target Dropbox's balance of security and usability.

Experts were recommending caution when putting healthcare data into the cloud, not the least because security skills remain hard to find – forcing some security consultancies to recruit from overseas and get creative in their staff development plans to keep up with demand.

A number of Web sites running the Magento e-commerce platform were said to have been infected with code redirecting victims to the Neutrino exploit kit; Magento blamed the issue on unpatched older systems rather than a new hack.

Also on the targeted-attack front, Facebook raised eyebrows about a possible link to a Russian Adobe hack as it said it would start warning users if it feels their page is being targeted by state-sponsored attacks – such as the ones that China is reputedly launching just a day after it said it would no longer do so.

Also on the geopolitical security landscape, the EU and US were given 3 months to negotiate a new data-sharing agreement after the old one was struck down by a EU court.

Even as consideration of the most important hacks of the past few years highlights the changing threat landscape, a number of security vendors are working to improve endpoint protection, with Cylance expert Stuart McClure offering strong guidance in the area even as CSOs work to consolidate their endpoint and other security platforms.

Citrix was feting the certification of its mobile apps to carry PROTECTED level government data – world-first Australian effort that required rewriting under the watch of the company's global leadership. High-level monitoring of security practices is becoming increasingly common, by some accounts, although one PwC survey suggests that despite growing awareness just 45 percent of boards are actually getting involved in security planning.

Security experts were warning of the need to use stronger encryption, and warned of new malware that replaces your browser with a dangerous Chrome lookalike. And Apple was also clamping down on deceptive apps – pulling numerous iOS apps that were found to be mining private data from users' iPhones, as well as shutting down the first iOS 9 jailbreak and fixing a raft of other security issues.

Internet of Things (IoT) vulnerabilities remained a hot topic, with some suggesting that cyber insurance premiums could push IoT security standards forward. DARPA was looking into another way to boost IoT safety.

Google and Yahoo were tightening their spam filtering, while buyers of the notorious MacKeeper software were pushing for refunds en masse. Microsoft kicked off a bug-bounty program for part of its Visual Studio 2015 environment, while security experts were warning that bugs in the open-source timing protocol could be used to launch attacks on online targets by scrambling their clocks.

Join the CSO newsletter!

Error: Please check your email address.

Tags dropboxcreative recruitmentCSO AustraliaMagento e-commerceFacebook

More about AppleCitrixDropboxEUFacebookGoogleMicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place