The week in security: Empowered CISOs in firing line; ANZ firms' document protection found wanting

IT industry luminaries united for industry organisation ISACA's Oceania CACS event, with digital disruption high on the agenda and experts expounding on issues such as the ongoing cyber security skills crisis, the gender-based skills gap, a top-down view of the cybersecurity response from the AFP's point of view, and the security issues at the Department of Chickens.

An enervated BlackBerry is expanding its mobile-security credentials to build broader ecosystems for securing and managing devices, the company's new regional head said. Apple also got a hard lesson about securing and managing mobile devices as the rollout of its new iOS 10 mobile operating system was plagued by an early glitch and quickly patched to fix seven security issues.

Also in the mobile sector, Google offered a $US200,000 ($A268,000) top prize in its new Android hack challenge, which runs through March 2017. There were warnings about a rogue Pokémon Go guide app that had been downloaded over 500,000 times and downloads root exploits that allow the devices to be taken over.

The US FBI was hit with a lawsuit over its refusal to disclose how it cracked a mass shooter's iPhone 5c earlier this year, while one security researcher said the FBI could have completed the hack using readily available tools in under 2 days.

A breach of the World Anti-Doping Agency, which leaked damning details of Olympic athletes' drug testing, was attributed to the same Russian hackers that allegedly breached the Democratic National Committee earlier this year.

Also on the privacy front, an Australian legal thinktank raised questions about the legality of online service provider privacy agreements. An evaluation of business data protection in Australia and New Zealand found it to be more reactive and less mature than in other countries.

Even as hackers found 47 new vulnerabilities in 23 Internet of Things (IoT) devices at DEF CON, researchers identified thousands of Seagate NAS devices that are hosting cryptocurrency mining malware, while a MySQL zero-day exploit opened up new channels for some servers to be hacked. Microsoft released one of its biggest security updates of the year, while Adobe was fixing issues in its Flash Player and Digital Editions products.

NTP reflection attacks hit record-high levels, while a report warned that a single ransomware network has pulled in $US121 million ($A162m). Volkswagen founded a new cybersecurity firm to prevent car hacking, while US authorities were opposing the proposed splitting of the NSA and Cyber Command amidst lawmaker campaigning against a grassroots campaign pushing president Barack Obama to pardon Edward Snowden.

While security experts worried that hackers were manipulating the US election result, and that Soviet-style disinformation would drive ongoing document dumps and other issues. This creates new issues for CISOs, who are being empowered to protect information security at a high level but may also be in the firing line if a data breach causes reputational damage. This, as experts warned that mergers create a significant security risk, and others weighed in on the importance of auditing in managing the fallout from ongoing cybersecurity wars.

Even as a new Windows 10 hack defeats the operating system's pass-the-hash defences, PC innovator ORWL launched a secure PC that has been hardened against physical attack. And new figures from MasterCard showed that not everyone is as deeply concerned about security: US adoption of chip-based credit cards has grown but merchants in that country overwhelmingly don't support the technology.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackerscybersecurityiOS 10 mobileSACA'sISACAcyber security skills crisisPokémon GoCACSBlackberryGoogledata breachfbiVolkswagenCSO AustraliaOceaniasecurity issues

More about AdobeAppleBlackBerryFBIGoogleISACAMicrosoftMySQLNASNSASeagate

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts