The week in security: ASD updates security best-practice guidelines as invisible malware looms

The Australian Signals Directorate updated its widely-cited cybersecurity guidance with four new policies for improving overall security, helping set the stage for greater government cybersecurity engagement with businesses that are likely to soon face breach-notification laws.

Also on the policy front, security thinktank the ACCS was warning that proposed telecommunications security reforms needed stronger oversight. And security experts were warning that businesses need to be vigilant about fake tech news that could be used to distract them from other attacks. Little wonder that cybersecurity is the #1 concern of IT auditors who are fighting to secure their place in technology projects.

Reports may have suggested the number of new malware variants decreased last year, but a surge in phishing scams against the IRS confirmed that the threat is far from over. Not even the cybercriminals are safe: a dark-web hosting service was taken down using a well-known exploit.

Malware authors are switching towards less suspicious file types, a report warned as new Mac malware, suspected of being produced in Iran, was targeting the US defence industry. And file-less malware, flagged as being particularly hard to detect, was attacking banks and other organisations.

Hackers worked to send a caution to printer owners by remotely compromising them and forcing them to print out random messages. Also on the insecure-devices front, TV maker Vizio paid $2.2m ($A2.89m) to settle a complaint that it had been spying on its users. Also on the privacy front, there were concerns about US authorities’ plans to force visa applicants to hand over login details for their social-media accounts.

Two reports into credit-card security failed to reach a consensus about whether card fraud is increasing or not, while Accenture was working to secure business blockchains.

Malwarebytes became the latest security vendor to bolster its Australian presence, joining the fray of vendors that believe endpoint security is the new sexy. There were also new entrants on the IoT security front – and not a minute too soon, with a Windows Trojan hacking into embedded devices to install the Mirai IoT malware.

A UK government internal review has been scathing about that country’s cybersecurity strategy, while the US House of Representatives approved a US law securing new privacy protections around email and cloud services. Polish banks were on alert after mystery malware was found on their computers.

Attackers were searching for WordPress sites that hadn’t been updated to fix a recently publicised bug – and ended up defacing 1.5 million Web sites. A new gadget promised a self-destruct option for phones and an Android app promised to stop unwanted collection of private data by apps on the platform. And Apple’s iCloud service was found to be saving deleted browser records.

Stories by David Braue
