The week in security: As VTech toy hack worsens, experts warn consumer devices won’t be patched

Investigations into the breach of toy maker VTech – which admitted the attack had affected 6.4 million children's accounts – revealed that hackers had stolen photos of children and their parents, compounding a data breach that is already being ranked among the worst of the year.

Even as a new report suggested that scripting languages are the most vulnerable – and as Adobe formally suggested that Web developers move on from using its vulnerability-ridden Flash platform – a new attack campaign was targeting SMBs with a botnet designed to deliver point-of-sale malware. Another attack vector emerged as ransomware and scammy tech-support sites joined forces to target users. There were also reports that an exploit kit, password stealer and ransomware program had been combined into a potent cocktail.

The encrypted messaging app Signal was released in beta form for desktops, while Cisco patched a permission hijacking issue in its WebEx Meetings app for Android. Also on the mobile front, BlackBerry delayed its imminent departure from the Pakistan market for a month – leading some to wonder whether a compromise was being struck.

The security of consumer home devices was being questioned, with some analysts concluding that home-electronics makers were unlikely to boost the security of home devices due to consumers' unwillingness to pay more for properly secured devices. As if to confirm the point, millions of smart TVs, phones and routers were said to be at risk from a 3-year-old software vulnerability, and a researcher said flaws in Huawei WiMAX routers won't be fixed. Older branches of the OpenSSL library are also not going to be patched.

Microsoft and law-enforcement agencies were working together to disrupt the Dorknet botnet, while a free digital-certificate project opened its doors for a public beta designed to facilitate better Web-site security.

Even as a Russian spy group was adopting new tools to hack the networks of defence contractors, the United States and China took tentative steps towards an agreement on cybersecurity cooperation, while an Australian academic warned that security is a long game and that building national security capability will take decades to do properly.

Stories by David Braue

Latest Videos

More videos

Blog Posts