The week in security: Banks falling SWIFTly as businesses warned about taking security seriously enough

The benefits of communication are often lauded within corporate environments, but making it happen is much harder.

Social media-minded CSOs should educate users with real-world examples of how the services are being exploited by hackers, one expert has warned, while others suggested that disruption had become big business for cybercriminals.

The founder of the now-defunct Liberty Reserve virtual currency was sentenced to 20 years in prison and an alleged Syrian hacker was extradited to the US to face charges related to an online extortion scheme. And why not? Many hackers are getting into the cybercrime game for the easy money it provides and attacks on sensitive targets, such as financial services and the healthcare industry, are proving singularly tough to reduce.

Meanwhile, an alleged British hacker was not forced to decrypt his data after a law-enforcement body failed in its bid. Bangladeshi police were blaming transaction clearinghouse SWIFT for a recent hack of the country's central bank.

Even as the US FBI suggested the hack may have been an inside job, SWIFT warned that another of its customers may also have been hacked. Yet businesses are often to blame for not following even the most basic security advice, according to a new survey, while another found that many aren't looking very hard for vulnerabilities.

One security expert warned that such failures represented exposure to potential “extinction-level” events, as seen in the recent hack of law firm Mossack Fonseca during the 'Panama Papers' scandal. Even government agencies are probably not as secure as you assume, one expert was warning. Networking vendor Aruba was patching flaws in some of its devices, while Microsoft fixed 51 vulnerabilities in Internet Explorer and perennial hacker favourite Adobe was prepping updates for a newly discovered Flash attack that was ultimately fixed, albeit more slowly than is desirable.

Little wonder Google was outlining its plans to rid the world of Adobe Flash Player. Also in the world of software, flaws in 7-Zip file-compression libraries had some concerned about potential flaws in other products that rely on them. Apache announced an Internet security framework called Milagro that will shift away from centralised certificates and passwords.

US authorities were warning businesses and government bodies to review their SAP environments after it was found that many businesses were still vulnerable to a bug that was patched by SAP more than 5 years ago. The US Department of Homeland Security was among those most concerned. The US House of Representatives was also concerned about cybersecurity, blocking Yahoo Mail and Google App Engine over malware concerns.

Given the government's growing role in investigating cybercriminal activity, Mozilla was requesting that the US government tell it first whenever government security specialists find vulnerabilities in the Mozilla-based Tor browser.

The US FCC and FTC launched an inquiry exploring how updates are handled by major smartphone makers, particularly in terms of how consumers can find out when they're available. Investigators suggested that malware attacks on two banks have links with the 2014 hack of Sony Pictures, while a UK SME explained how it managed to deal with a targeted ransomware attack.


Stories by David Braue
