The week in security: Researchers re-identify Medicare data; massive, complex DDoS targets journalist as revenge

Revelations that a massive database of deidentified Medicare data could be reverse-engineered led to the data set's pulling from the Internet even as Telstra Health faced accusations that it couldn't possibly resist the temptation to do bad things with sensitive health information after it was awarded a major health-information consolidation tender.

Donald Trump's hotel chain was fined over a series of hacks that exposed more than 70,000 credit card numbers and other personal data. A US representative was pushing for a government probe of the massive recent Yahoo data breach, even as six senators joined the call for more information.

Yahoo claimed the breach was the product of 'state-sponsored' hackers, but one security firm said the claims were rubbish. One security expert was arguing that cloud security isn't so very hard if you know where to look, while another expert was hoping that car manufacturers would look more closely at securing their own systems and US voting authorities were just hoping they could maintain the integrity of the country's voter registration system.

With 73 percent of companies using vulnerable end-of-life networking devices, Australian businesses need to get more serious about securing their own systems as data disappears at a shocking rate, one security expert has argued. Containerisation has also gained currency as a form of endpoint protection, with Microsoft using the technique to protect users of its Edge browser through a hardware-based virtual barrier between the browser and the Windows hardware.

This, as the rate of desktop malware declined for the first time in many years – but that's not to suggest a decline in the activities of cybercriminals, who are using everything from smarter supply chains to sneaky ransomware tricks to bilk unsuspecting victims. Even as large numbers of IoT devices were harnessed to launch massive DDoS attacks, another massive and extremely complex attack took down a security journalist's Web site.

Target Brian Krebs said the attack was payback for a blog he had written, while experts were offering their advice as to how companies can fight back against hacker 'farming'. Payments network Swift revealed three more failed attacks on its network, while Illusive Networks was looking to fight back against Swift's attackers using deception techniques. As one company increased its bounty for an iOS 10 jailbreak technique to $US1.5 million ($A1.99m), a new Mac Trojan was leveraging the Russian space program as bait, while a newly introduced flaw in the OpenSSL cryptographic library was flagged as potentially critical.

An Android Trojan that can steal files from corporate networks was spreading through several app stores, while ransomware was seen to be spreading through weak remote-desktop credentials and Firefox moved to block web sites using vulnerable encryption keys.

Join the CSO newsletter!

Error: Please check your email address.

Tags OpenSSLcyber criminalscredit card theftDonald TrumpMedicare datalarge scale attackTelstra Healthcyber securityDDoS attacksYahooSponsored hackersdata leakagehacks

More about MicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place