The week in security: Warnings on Rio Olympics cybersecurity, YouTube phone takeovers

Cybersecurity researchers tried a new tack by introducing security bugs to teach bug-finding tools how to find software bugs, while Google was working on techniques that might stop quantum computers from being able to crack encryption methods in wide use today.

Experts were warning about nine critical controls that companies need to keep up with the changing cybersecurity landscape, with a range of devices and techniques available to help mitigate insider threats. Warnings even extended to visitors to the coming Rio de Janeiro Olympics, where careless use of Wi-Fi and other online activities could lead to heartache for visitors.

The European Union was cracking down on cybersecurity, with plans to tighten regulatory requirements on Bitcoin exchanges and news of a plan for a public-private partnership investing $US2 billion ($A2.8b) in cybersecurity research, while a study of network-based attacks suggested that malware authors were relying on common and legitimate networking tools to probe networks once malware had secured access to target networks.

That process is often easier than it should be, with one company ex-employee held to have acted illegally by using the login credentials of a current employee to gain access to the company network. Researchers warned that a smartphone could be remotely controlled with voice commands hidden in a YouTube video, while a flaw in D-Link cameras would allow remote takeover of more than 120 cameras and products from that company.

A second man pleaded guilty to using a phishing scheme to hack photographs and other private information of famous LA-based entertainers; this, as Apple bragged that the high price for iOS exploits suggests that the company is doing a good job with its security efforts.

This, as security researchers discovered a Tor-powered backdoor that was targeting Apple Macs and a backdoor that steals credentials stored in the operating system's encrypted Keychain. Meanwhile, Google released a massive Android update that fixed more than 100 security flaws in Android. Security firm Avast! Offered $US1.3 billion ($A1.8b) to buy rival AVG Technologies, while US fast-food chain Wendy's became the latest big-name business to be hit by credit-card hacking. Hospitals were also facing a growing security threat while there were warnings that increasing cloud use was leaving many adopters vulnerable.

Yet despite the exposure of such breaches, UK authorities were concerned that billions are being lost to cybersecurity without ever being reported. US consumer authority the Federal Trade Commission (FTC) launched an investigation into hacked adultery Web site Ashley Madison, while there were warnings that employee use of social media carries risks as well as advantages.

Along similar lines, the US government closed its investigation into presidential candidate Hillary Clinton's personal email system.

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecurityWi-FiD-Link Systemssoftware bugsQuantum computersOlympicsyoutube

More about AppleAvastFederal Trade CommissionFTCGoogleMacs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts