The week in security: Banks falling SWIFTly as businesses warned about taking security seriously enough

The benefits of communication are often lauded within corporate environments but making it happen is often much harder.

Social media-minded CSOs should educate users with real-world examples of how the services are being exploited by hackers, one expert has warned, while others suggested that disruption had become big business for cybercriminals.

The founder of the now-defunct Liberty Reserve virtual currency was sentenced to 20 years in prison and an alleged Syrian hacker was extradited to the US to face charges related to an online extortion scheme. And why not? Many hackers are getting into the cybercrime game for the easy money it provides and attacks on sensitive targets, such as financial services and the healthcare industry, are proving singularly tough to reduce.

Meanwhile, an alleged British hacker was not forced to decrypt his data after a law-enforcement body failed in its bid. Bangladeshi police were blaming transaction clearinghouse SWIFT for a recent hack of the country's central bank.

Even as the US FBI suggested the hack may have been an inside job, SWIFT warned that another of its customers may also have been hacked. Yet businesses are often to blame for not following even the most basic security advice, according to a new survey, while another found that many aren't looking very hard for vulnerabilities.

One security expert warned that such failures represented exposure to potential “extinction-level” events, as seen in the recent hack of law firm Mossack Fonseca during the 'Panama Papers' scandal. Even government agencies are probably not as secure as you assume, one expert was warning. Networking vendor Aruba was patching flaws in some of its devices, while Microsoft fixed 51 vulnerabilities in Internet Explorer and perennial hacker favourite Adobe was prepping updates for a newly discovered Flash attack that was ultimately fixed, albeit more slowly than is desirable.

Little wonder Google was outlining its plans to rid the world of Adobe Flash Player. Also in the world of software, flaws in 7-Zip file-compression libraries had some concerned about potential flaws in other products that rely on them. Apache announced an Internet security framework called Milagro that will shift away from centralised certificates and passwords.

US authorities were warning businesses and government bodies to review their SAP environments after it was found that many businesses were still vulnerable to a bug that was patched by SAP more than 5 years ago. The US Department of Homeland Security was among those most concerned. The US House of Representatives was also concerned about cybersecurity, blocking Yahoo Mail and Google App Engine over malware concerns.

Given the government's growing role in investigating cybercriminal activity, Mozilla was requesting that the US government tell it first whenever government security specialists find vulnerabilities in the Mozilla-based Tor browser. T

he US FCC and FTC launched an inquiry exploring how updates are handled by major smartphone makers, particularly in terms of how consumers can find out when they're available. Investigators suggested that malware attacks on two banks have links with the 2014 hack of Sony Pictures, while a UK SME explained how it managed to deal with a targeted ransomware attack.

Join the CSO newsletter!

Error: Please check your email address.

Tags week in securityLiberty Reservecyber crimeAdobe Flash playerbanksInternet Explorerfbicyber securityhackedGoogleUS FCCSwiftUS Department of Homeland Securitybidding war

More about ApacheFBIFCCFTCGoogleHouse of RepresentativesMicrosoftMozillaSonyYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place