The week in security: ASD updates security best-practice guidelines as invisible malware looms

The Australian Signals Directorate updated its widely-cited cybersecurity guidance with four new policies for improving overall security, helping set the stage for greater government cybersecurity engagement with businesses that are likely to soon face breach-notification laws.

Also on the policy front, security thinktank the ACCS was warning that proposed telecommunications security reforms needed stronger oversight. And security experts were warning that businesses need to be vigilant about fake tech news that could be used to distract them from other attacks. Little wonder that cybersecurity is the #1 concern of IT auditors who are fighting to secure their place in technology projects.

Reports may have suggested the number of new malware variants decreased last year, but a surge in phishing scams against the IRS confirmed that the threat is far from over. Not even the cybercriminals are safe: a dark-web hosting service was taken down using a well-known exploit.

Malware authors are switching towards less suspicious file types, a report warned as new Mac malware, suspected of being produced in Iran, was targeting the US defence industry. And file-less malware, flagged as being particularly hard to detect, was attacking banks and other organisations.

Hackers worked to send a caution to printer owners by remotely compromising their printers and forcing them to print out random messages. Also on the insecure-devices front, TV maker Vizio paid $2.2m ($A2.89m) to settle a complaint that it had been spying on its users. Also on the privacy front, there were concerns about US authorities’ plans to force visa applicants to hand over login details for their social-media accounts.

Two reports into credit-card security failed to reach a consensus about whether card fraud is increasing or not, while Accenture was working to secure business blockchains.

Malwarebytes became the latest security vendor to bolster its Australian presence, joining the fray of vendors that believe endpoint security is the new sexy. There were also new entrants on the IoT security front – and not a minute too soon, with a Windows Trojan hacking into embedded devices to install the Mirai IoT malware.

A UK government internal review has been scathing about that country’s cybersecurity strategy, while the US House of Representatives approved a US law securing new privacy protections around email and cloud services. Polish banks were on alert after mystery malware was found on their computers.

Attackers were searching for WordPress sites that hadn’t been updated to fix a recently publicised bug – and ended up defacing 1.5 million Web sites. A new gadget promised a self-destruct option for phones and an Android app promised to stop unwanted collection of private data by apps on the platform. And Apple’s iCloud service was found to be saving deleted browser records.

Stories by David Braue
