Australia may be the world's fourth-largest holder of network-security patents, but its Telecommunications companies and government agencies are the least trusted industries when it comes to protecting user data, a new survey has found. Case in point: the besieged US Office of Personnel Management – already hit with a class-action suit over the recent breach of data on US government employees – which took a key system offline after a security flaw was identified in a Web-based background-check system.
One security-rating expert says the ongoing stream of government security breaches is the result of short-sighted cost-based assessments that discount the value of spending more on cybersecurity. Yet spending to improve and better understand new technologies is crucial: even if a robot takeover of the world is unlikely, researchers need to consider the risks of putting too much stock in artificial intelligence, some were warning even as the US mass-surveillance regime was extended by court order as the NSA winds it down.
Malware authors were already proving extremely versatile in writing new malicious code, with authors of banking malware are proving tougher and tougher to beat and general malware authors adding one recent zero-day Adobe exploit to their arsenals within days of its discovery. An ad-fraud Trojan figured out how to update Flash Player to prevent other malware following it onto a victim's system, while Cisco realised it had left a significant vulnerability in its Unified CDM systems and LANDESK was arguing for a more-integrated approach to key management.
Cisco bought security service provider OpenDNS to bolster its own security initiatives, while Amazon released an open-source cryptographic module that may offer a more-secure alternative to the ubiquitous Secure Sockets Layer (SSL) exploited in last year's Heartbleed disaster.
Even as a report found that every analysed company had already been infected by malware – even if the infections weren't yet at the critical stage – a study suggested that virtual private network (VPN) services may not be as secure as users want to believe. It's a timely warning for security practitioners – as was advice that small businesses must weigh their options carefully before committing to a security-as-a-service provider.
US researchers were exploring the use of 'software transplants' to fix buggy code, even as media-streaming company Plex was resetting passwords after a hacker demanded a Bitcoin ransom after stealing its user details.
This article is brought to you by Enex TestLab, content directors for CSO Australia.