The week in security: Researchers re-identify Medicare data; massive, complex DDoS targets journalist as revenge

Revelations that a massive database of deidentified Medicare data could be reverse-engineered led to the data set's pulling from the Internet even as Telstra Health faced accusations that it couldn't possibly resist the temptation to do bad things with sensitive health information after it was awarded a major health-information consolidation tender.

Donald Trump's hotel chain was fined over a series of hacks that exposed more than 70,000 credit card numbers and other personal data. A US representative was pushing for a government probe of the massive recent Yahoo data breach, even as six senators joined the call for more information.

Yahoo claimed the breach was the product of 'state-sponsored' hackers, but one security firm said the claims were rubbish. One security expert was arguing that cloud security isn't so very hard if you know where to look, while another expert was hoping that car manufacturers would look more closely at securing their own systems and US voting authorities were just hoping they could maintain the integrity of the country's voter registration system.

With 73 percent of companies using vulnerable end-of-life networking devices, Australian businesses need to get more serious about securing their own systems as data disappears at a shocking rate, one security expert has argued. Containerisation has also gained currency as a form of endpoint protection, with Microsoft using the technique to protect users of its Edge browser through a hardware-based virtual barrier between the browser and the Windows hardware.

This, as the rate of desktop malware declined for the first time in many years – but that's not to suggest a decline in the activities of cybercriminals, who are using everything from smarter supply chains to sneaky ransomware tricks to bilk unsuspecting victims. Even as large numbers of IoT devices were harnessed to launch massive DDoS attacks, another massive and extremely complex attack took down a security journalist's Web site.

Target Brian Krebs said the attack was payback for a blog he had written, while experts were offering their advice as to how companies can fight back against hacker 'farming'. Payments network Swift revealed three more failed attacks on its network, while Illusive Networks was looking to fight back against Swift's attackers using deception techniques. As one company increased its bounty for an iOS 10 jailbreak technique to $US1.5 million ($A1.99m), a new Mac Trojan was leveraging the Russian space program as bait, while a newly introduced flaw in the OpenSSL cryptographic library was flagged as potentially critical.

An Android Trojan that can steal files from corporate networks was spreading through several app stores, while ransomware was seen to be spreading through weak remote-desktop credentials and Firefox moved to block web sites using vulnerable encryption keys.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cyber criminalsYahoocyber securityhacksDDoS attacksdata leakageDonald TrumpOpenSSLMedicare datacredit card theftTelstra Healthlarge scale attackSponsored hackers

More about MicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts