The week in security: Tech giants defend encryption; Smart TVs a security soft spot

With peak retail season settling down, many were weighing the damage that hackers had wrought in recent weeks. After Hyatt Hotels said its payment-processing systems had been hit by malware, others were warning that payment terminals were often affected by poor security decisions that enabled mass fraud by hackers. Authorities dismantled a gang of criminals that had stolen 200,000 euros from ATMs infected with malware, while online vandals were said to have set a DDoS record after pummeling the BBC Web site.

Even as China passed a law requiring technology companies to help the government decrypt content, tech giants met the FBI and NSA at a meeting with a secret agenda and were lobbying the UK government not to do the same – backdoors were all the news.

In the wake of Juniper Networks' backdoor security issues, Cisco Systems began proactively looking for undetected backdoors in its products. Microsoft was banning the adware technique that lay at the heart of last year's Lenovo Superfish fiasco.

Apple was lobbying against the UK's proposed spying law, while Oracle facilitated the removal of insecure versions of its Java SE. And HP, also doing its part, announced it will integrate privacy filters – which stop snooping by people sitting next to a user – into its laptop and tablet screens.

Google has also been doing its part, with steps to improve security by using devices instead of passwords. An ex-banking executive was also looking to new forms of device security, talking up a new payment card called ScramCard, that has been designed with extra protection and has been capturing attention in many circles.

Also capturing attention was the Raspberry Pi mini-PC – although the attention in question is the kind you don't want, with malware authors apparently offering its makers money to infect customers' PCs. Such devices are increasingly pegged as soft spots in the security perimeter, with smart TVs also pegged as a key access channel for attackers and Android-based TVs proving particularly vulnerable. Even locks are going smart, as the likes of Danalock increased their pitch to the markets – although not every such solution was proving so secure, with vulnerabilities in Comcast's Xfinity Home Security offerings causing the system to report that a home's windows are closed and secured – even if they are neither. This could be less than ideal, particularly as Internet of Things (IoT) ecosystems build and more firms follow the lead of ADT, which extended its professional security-monitoring service to third-party components.

Adobe rushed a fix for yet another new flaw in its Flash Player, causing exploit acquisition firm Zerodium to offer a $100k bounty for someone that bypasses Flash Player's latest protections. Meanwhile, Google pushed out fixes for dangerous rooting vulnerabilities in its Android operating system and secure-phone developer Silent Circle was patching a vulnerability in its Blackphone.

Hacker groups were also keeping busy, with BlackEnergy upgrading its software with a destructive data-wiping component and a backdoored SSH server. The would-be creators of Linux ransomware were shown up by researchers that found a vulnerability in their approach, while free digital-certificate vendor Let's Encrypt was on the defensive after cybercriminals ran a malvertising campaign using its certificates.

Stories by David Braue
