The week in security: Bank security faces Olympic-sized challenges

Olympics-related scams were in full swing as the Games continued, with unsophisticated bulk phishing scams trying to extract hard-earned from punters and search engines dishing up fake Olympic Games domains.

An upgrade of Australia's payment-card security has delivered mixed results, while security executives were warning that mobile apps have become a major new attack vector for cyber criminals. Growing security fears amongst users are destroying user trust in mobile finance, with new 'Shylock' malware replacing the contact phone numbers in online banking sites and the industry reeling from frauds such as a £2.5m deception perpetrated by a Lloyds head of security for online banking.

Even as the Reveton email-based financial malware scam grew, reports suggested surveillance malware was monitoring Middle Eastern banks; it was christened 'Gauss' and has quickly gained notoriety as the latest state-sponsored cyber-espionage tool. Gauss detection tools were soon on offer from two security organisations as discussions and analysis suggested the new Flame variant reflects a boom in malware tools.

Cloud applications could well become a target too, with Apple licking its wounds after a socially-engineered iCloud hack caused problems for journalist Mat Honan and forced Apple to stop password resets over the phone. This notorious hack led Google to push for two-factor authentication as a new survey confirmed that around half of companies use cloud-based services to store sensitive data, using a variety of encryption mechanisms.

That could be a worry as statistics show a growing trend towards privacy breaches and regular attacks, with Apple co-founder Steve Wozniak blasting cloud-hosted security. A data breach at the US EPA was part of a 19% increase in privacy breaches from 2010 to 2011, while a survey suggested Web applications are attacked, on average, once every three days. Some executives want to get more proactive in fighting back, while some industry experts argued that IT executives will struggle to enforce security policies without a system of rewards. And CSO wrapped up other conclusions from recent security conferences.

Australia's privacy commissioner confirmed to CSO that he won't be pushing Google to provide Street View 'payload' data that was supposedly destroyed last year, even as the company cops a $US22.5m fine over its circumvention of privacy controls in Apple's Safari browser.

Google was worrying some with the increasing integration of Gmail and Google search, but it wasn't the only offender: a privacy breach by a UK health trust copped a £175,000 ($A260,000) fine, while online games giant Blizzard Entertainment said its internal network had been breached by hackers and Facebook's own privacy settlement got the nod from the US FTC.

Symantec came out warning that hackers have taken a shine to small businesses, while a report suggested US and China-based attacks increased in the first quarter of this year and other criminals are targeting payroll administrators with emailed malware. Even as it patched 14 new Internet Explorer vulnerabilities, Microsoft announced that Windows 8 and its bundled IE10 would include a 'do not track' option, and Google