The week in security: Google to shame HTTP users; Telstra's secret to finding cybersecurity staff

CISOs beware: a specially-built USB device can steal credentials even from locked Windows PCs after being inserted for just seconds. Also worrying is quantum computing, which is inching closer to reality and promises to compromise many core cybersecurity technologies.

Increasing user concern about whaling and the migration to Microsoft Office 365 cloud applications are driving strong demand for Mimecast solutions that led the company to deepen its investment in the Australian market.

This is little surprise given that executives believe security of cloud data is even more important than the user experience of those services. Yet the cloud shift is also seeing new forms of ransomware and other attacks that are being answered with new spearphishing-detection tools.

Yet despite all the scanners in the world, cybersecurity defences must always consider the human aspect of information security, experts continue to warn even as a high-profile investigative journalist warned that cybercriminals were undergoing a cyber criminal mind shift with implications for how CISOs defend their networks. Such issues also have implications for the oft-cited security skills gap, although Telstra says it's not that hard to find skilled people if you get a bit creative.

This, as the FBI arrested two hackers for stealing information on senior government officials – and as a US government audit found that the massive Office of Personnel Management (OPM) hack could have been avoided and experts weighed in on security requirements for that country's upcoming election.

The US investigated Russia on allegations that it was trying to hack that election, even as US president Barack Obama was bragging about the US government's cybersupremacy – which was seemingly reiterated by confirmation that the US did hack the Elysée Palace in 2012 – but reiterated his concerns about a cyber-arms race.

Presidential contender Donald Trump had no such scruples, calling for the US to expand its cybersecurity capabilities as part of a broad expansion of the military. Yet all US government agencies already face a requirement for stronger and more proactive cybersecurity capabilities, after data-protection guidelines were updated for the first time in over a decade – providing guidance for Australian companies charting their strategic security direction.

The Xen Project patched serious flaws in its virtualisation software while a bug in Sophos antivirus malware scanners triggered false positives on a critical Windows file, while Google offered a three-level Android patch that some worried could cause user confusion. Also confused were Web site owners who have been wondering why their site rankings have been dropping – and it's often thanks to changes in Google Safe Browsing technology. Google is also moving to mark HTTP connections as insecure in a subtle push to Web site owners to jump on the HTTPS bandwagon that will kick off in January.

There were suggestions that half of network management systems are vulnerable to cross-site scripting and SQL injection attacks, even as one security firm found itself in the legal crosshairs on allegations of a stock-tanking tactic in which the security firm claimed key medical products could be hacked in order to fund a short-selling scheme.

Intel moved to sell off its majority stake in its McAfee security unit, partnering with investment firm TPG to respawn the former McAfee security company – although original founder John McAfee may be ready to put a spanner in the works.

An audit of connected device security found that few manufacturers are taking it seriously, while reports from the field suggested that end users are equally lax when it comes to security as 99 percent of compromised user accounts come from password reuse. Many others are also surfacing as data hoarders revive and rework massive data sets compromised in breaches years ago.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersweek in securitycyber criminalscredentialsWindows PCsUSBhuman errorCISOsfbicyber securitycyber theftMicrosoftHTTPSOPM

More about FBIGoogleIntelMicrosoftMimecastSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts