The week in security: IT executives forced to implement insecure systems

Users of cloud applications are several times more likely to engage in behaviours that compromise password security, according to a new study of user habits. Yet that's not the only piece of bad news on the applications front: new research from Trustwave suggests that a large proportion of IT professionals are being pressured to implement new technologies even when they don't have the resources to secure them effectively.

Some security advisors were warning that IT professionals should skill up on the emerging Bitcoin economy, while an analysis of the Pastebin Web site showed that some 311,095 user credentials were posted to that site alone last year.

Concerns over the NSA's online surveillance have reached the highest levels, with French and German authorities reportedly discussing ways to keep European email away from US servers. In a related effort, UK privacy advocates are increasingly concerned about the pending introduction of a National Health Service database that automatically extracts patient records from GPs' computer systems.

They may be right to be worried: healthcare data was the most commonly stolen data in US data breach incidents during 2013, according to new figures from the Identity Theft Resource Center. Such threats should prompt many companies to check their handling of internal threats, experts warn.

Experts were also warning governments to prioritise protection of energy-sector companies from security breaches, while hackers developed an exploit for the vulnerability targeted by the recently discovered Linksys router worm and Belkin fixed a WeMo security hole that could give hackers access to home appliances.

Others developed a way to bury a crucial component of the Zeus banking malware within a digital photo. Also on the banking front, Visa was promoting Europay MasterCard Visa (EMV) chip-card security, which is only now being implemented in the US.

Meanwhile, the high-profile Syrian Electronic Army compromised the news Web site of Forbes and published the names, email addresses and encrypted passwords of more than 1 million users. Zeus was spotted scouring for sensitive data, promising likely new additions to a new database of worldwide data breaches that was launched by SafeNet.

The continuing success of hackers in breaching various targets – including the continuing assault of advanced persistent threats (APTs) and the revelation that iOS apps are even riskier than Android apps, despite a surge in malware-infected Android apps in the Google Play store and revelations that cheap Android phones are particularly malware-vulnerable – has led vendors to try new techniques to give their customers a fighting chance.

McAfee is among the latest aiming to do so, with a new enterprise security package designed for fast threat detection and response. At the same time, another batch of startups is aiming to safeguard mobile devices and cloud applications. And Cisco Systems, for its part, fixed a number of unauthorised-access and DoS flaws in some of its products.

Yet better security isn't all that complicated, according to one analysis that suggests simply changing user rights from 'administrator' to 'standard' access would have hobbled 90 percent of the Microsoft-based critical vulnerabilities reported last year. Whether or not that includes an unpatched IE bug that one researcher claims is being exploited by two hacker gangs is not yet clear.

There are new threats on the horizon: according to one report, European cyber-criminals are moving away from traditional SMS fraud towards 'chargeware'. A UK gaming firm was hit with a £45,000 ($A84,000) fine after using a deceptive Pac Man game to trick users into accessing high-charged SMS services. All this, amidst growing signs that cyber criminals are targeting mobile devices by region.

Stories by David Braue

Latest Videos

More videos

Blog Posts