The week in security: Malware spike raises urgency of threat sharing

In a case of life imitating warnings, the US government appointed a new White House cyber security chief and was hoping China would agree to rules the US wants to impose on potential cyber wars, while the domestic security industry was largely happy to hear about efforts to bring CREST accreditation to Australia.

Efforts to improve sharing of threat information don't always go smoothly, but over 1000 US defence contractors seem determined to change that by voluntarily sharing information about cyber threats (and potentially nobbling the CISPA legislation in the process); could a similar program work in Australia?

Others are concerned about sharing of a less benevolent kind, as the heavy use of wireless in healthcare environments sets some people worrying about healthcare data security. Aiming to quash its own concerns about data security, CSO featured the story of bus transport group Grenda Security, which has revisited its server and security infrastructure to accommodate its new reliance on virtualised infrastructure.

It's not the only one: Eugene Kaspersky, who did the rounds throughout Australia on the back of appearances at AusCERT and CeBIT, warned that Apple is still way behind Microsoft in terms of its security. Apparently Yahoo wasn't doing too well either, with the company forced to update its Axis extension for Google's Chrome browser after a slight snafu with its private key that let anybody sign extensions using Yahoo's credentials; on a related note, researchers were suggesting a way to use Transport Layer Security (TLS) protocol extensions to help browsers automatically figure out when they're presented with fraudulent certificates.

Even as Intel launched a cloud-based single sign-service, some industry figures were asking whether cloud-based security is actually cheaper than the alternative. An Armenian malware author was sentenced to four years in prison for creating the Bredolab malware, even as Anonymous claimed it hacked a US Department of Justice website.

Malware fighters were kept busy by news of a cross-browser worm that spreads via Facebook and new banking-industry Trojans that spread via an online scam and hijack users' webcams and microphones. Indeed, statistics from McAfee suggest we've just come off the busiest quarter for PC malware in recent history.

Straight from the what-could-possibly-go-wrong department, a new SDK from Soti allows remote control of mobile applications on iPhones, iPads and iPod touches. Similarly, straight from the ‘we-learned-the-hard-way-what-could-go-wrong’ department, Microsoft took down its Bing Streetside site in Germany after getting too many complaints that it's a privacy intrusion.

And Google, which faced eight new vulnerabilities in its products after they were announced by researchers, is in the process of notifying half a million people that their systems may be infected with DNSChanger malware; is still copping scrutiny from EU regulators over its privacy-policy changes; and may face new investigations after lawmakers pushed the US Department of Justice to reopen its investigations into Google's Wi-Fi snooping.

It doesn't take a malware hit to cause a privacy breach, but a new survey debunked popular belief by concluding that the US Patriot Act won't actually give the US government special access to personal data stored in US-based cloud services. It may be more useful for companies to focus on robust destruction of their confidential data when it's no longer necessary, some experts say, while a report from security firm Onapsis found that over 95 per cent of tested SAP systems hadn't been patched enough to be considered secure anymore.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AppleAxisCeBITCERT AustraliaDepartment of JusticeEUFacebookGoogleIntelKasperskyKasperskyMcAfee AustraliaMicrosoftSAP AustraliaUS Department of JusticeYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts