The week in security: How Catholic Education secures SA schools; FBI cops heat on iPhone hacks

Australian online-classified site Gumtree was hacked and used to spread malware via online display ads, while a large US healthcare provider was shut down after a malware infection and only partially recovered days later.

Security experts warned, a new, custom-developed Dripiron backdoor was being used in targeted attacks against companies in several countries – making it just one of many threats that could pose issues for companies that are merging, which are proving to be tempting targets for cybercriminals.

Even as a US court vacated an order against Apple to help the FBI crack a terrorist suspect's iPhone, Apple requested a delay in a related case in New York until it can learn more about what was done. This was just one of more than 70 cases since 2008, it was revealed, in which the FBI had asked for the assistance of Apple and Google in unlocking smartphones during criminal proceedings in Arkansas and elsewhere; the American Civil Liberties Union (ACLU) even went to the effort of mapping the cases.

The FBI is reportedly turning its new method of cracking iPhone security to other devices – angering many who argue there is a public interest in Apple fixing the flaw; perhaps the feds should just look into MDM software – which, security researchers were warning, is susceptible to man-in-the-middle attacks between the MDM console and remotely-managed iOS devices.

An ethical-hacking firm revealed that it had been able to trick two-thirds of one company's employees into clicking on an attachment in an email sent to test the company's security defences.

Also from the employees-should-know-better file, US media network CNBC was found to be exposing visitors' passwords after it ran a poorly-considered system for checking the strength of passwords.

Little wonder there has been strong interest in privacy-preserving efforts such as Australian startup Meeco, which is expanding into Europe on the back of sizeable seed-capital funding. Oracle was put on a 20-year order by the US Federal Trade Commission, which forced the software company to be truthful about the security of updates for its Java SE software.

And one security expert was also being truthful, warning that developing effective systems for protecting car security would take years of concerted work. One vendor survey found that the use of centralised application authentication was boosting the business use of cloud applications; two-factor authentication is playing a part, but is not the only factor improving application security.

Catholic Education SA is among those steadily moving to embrace cloud conceits, with use of CAPTCHA and policy-based access control helping secure its proactive efforts to embrace remote access and deliver cutting-edge services to the most remote parts of the state.

Looking for a bit of career advancement? You're not alone, with one survey of cybersecurity professionals suggesting they may be lured away for new challenges, better pay, and more flexible working hours. How about a job at the US White House, which is looking for a CISO.

Among other things, you'll be working within an increasingly open context as federal authorities move on efforts to boost the quality of open source. You may also be busy cleaning up after the Department of Defense issued a 'please hack us' call to the Internet at large as part of a $US150,000 ($A196,000) bug bounty program.

Nasty new ransomware called Petya was found to be overwriting victim computers' master boot records, while a new tool from Bitdefender was said to prevent infections by a number of common ransomware programs.

Meanwhile, security firm FireEye was warning that hackers are stepping up efforts to attack point-of-sale systems before new defences can be put in place. A white-supremacist hacker showed why we need to be wary around Internet of Things (IoT) security, sending racist documents to thousands of publicly accessible printers.

A flaw in a widely-used door controller was said to allow easy unlocking of secure doors. And there were warnings that Linux-based home routers could be infected by a new worm called Remaiten, which exploits weaknesses in built-in Telnet servers.

Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.

Start survey NOW

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersMeecoFireEyeIoTTelnetAppleGooglepublic interesthealth careJava SEterrorismfbiransomwareCatholic Education South Australia (CESA)MDM TechnologycybercrimeACLUGumtreeUS Federal Trade CommissionCNBCLinuxiPhonecaptchacyber securitybitdefendermalware attacksBug Bounty ProgramiOS devicesjava security

More about AppleCNBCFBIFederal Trade CommissionFireEyeGoogleLinuxOracleTelnetUS Federal Trade Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place