The week in security: Warnings on open-source spinoffs, US-Europe privacy compromise

The average successful hack gains attackers less than $US15,000 ($A20,600), a recent Ponemon Institute study has found. Yet that may still be enough to lure attackers who are proving adept at navigating “confusing” industry messages on endpoint security, believes one security specialist who argues that the result is hampering companies' ability to shore up privileged-account security.

There is much shoring up to do: the latest SplashData survey suggested that the gaming world's worst passwords aren't changing much from year to year. Yet gamers are far from the only ones working to learn better security practice: one security consultant recounted his experiences teaching his elderly mother how to stay safe online.

Interestingly, even as humans struggle to learn about security, one security startup argues that its technology is a form of artificial intelligence that learns from humans. Meanwhile, Australian agricultural concern SunRice embarked on a major telecommunications and security upgrade that reflected its own security learnings and its plan to stay secure as it increasingly embraces the cloud – a task that is becoming increasingly challenging for users of Amazon Web Services and other commercial cloud giants.

UK businesses were hit by a ransomware and DDoS surge, and a new threat report highlighted the industries at the greatest risk of attack by government-sponsored Chinese hackers. Even as many privacy advocates were expressing concern about the death of privacy, the United States and European powers reached an eleventh-hour compromise that will ensure data continues to flow between the two regions' very different privacy regimes. Critics, however, have their reservations, and flaws in the privacy protections of smart toys won't make anyone sleep easier.

A Harvard study shot down the argument that wider use of encryption software will impact criminal and terrorism investigations. This goes against conventional wisdom, which has security bodies advocating for the inclusion of backdoors in legitimate encryption tools – something that one US presidential hopeful believes should be negotiated in secret.

Yet sometimes backdoors are right out there even without government intervention: the Socat networking service managed to make its own backdoor, for example. Also on the bugs front, Google fixed five critical Android bugs in its February Nexus update and 13 bugs in its latest Android, even as reports suggested that more than 60 Android games were designed to download and execute malicious code hidden inside online images.

Dell outlined a plan to boost security in its PCs and tablets, while vendors like Netgear and Motorola were racing after vulnerabilities were found in some of their products.

The federal government warned Internet users to watch out for an email scam involving the Australian Federal Police, while security vendor Malwarebytes said it could take four weeks to fix flaws recently identified in its products by a Google security researcher.

Speaking of flaws, one security researcher warned that a custom version of Google's Chrome browser, developed by security vendor Comodo, has a major flaw. The revelation, which Comodo rushed to fix, led to a stern talking-to from Google.

A similar situation hit the Avast SafeZone browser, which was found to have its own vulnerability after incorporating the open-source Chromium browser. Fittingly, some exploit-kit developers found a new solution to this problem: detecting probing by security researchers and preventing them from discovering vulnerabilities in the first place.
