The holidays in security: Breaches drive governments to bug bounties

Australia may have taken it easy for the holiday season, but hackers weren’t easing off during the festivities.

There were attacks, for example, on [[xref: |several major US newspapers]] while nation-state attackers [[xref: |were fingered]] for exploiting a bug in Twitter’s anti-trolling tools.

US authorities [[xref: |charged two Chinese nationals]] over massive data thefts from NASA and other firms, which also drew the ire of Australian authorities, who [[xref: |charged China]] with backing the campaign of intellectual property theft and managed service provider hacking.

These and other breaches followed on from [[xref: |a recent leak]] that affected 52 million Google+ and G Suite users, and revelations that [[xref: |Facebook provided]] Microsoft, Amazon and Yahoo with special access to its users’ data.

It wasn’t the best leadup to a year that [[xref: |is already expected]] to pose new challenges and frustrations for CISOs – not least, compliance with 2018-era legislation that [[xref: |continues to challenge]] many organisations’ existing privacy practices.

Singapore government agencies [[xref: |announced a partnership]] with local hackers to launch a bug bounty program that would highlight vulnerabilities in government systems, and the EU embarked on a similar project with [[xref: |bug bounties]] for 14 open-source projects.

Secure-messaging firm Signal said [[xref: |it couldn’t comply]] with Australia’s new encryption laws even if it wanted to – with suggestions that the law could lead to a ban on the Signal-derived WhatsApp.

Also working on the hardware front was a new USB-C security program designed to [[xref: |block illegitimate USB-C devices]].

An audit by motherboard producer Supermicro [[xref: |found no evidence]] of spying-focused hardware on its products.

Microsoft was also looking internally as it [[xref: |offered a $25k prize]] for those who can use artificial-intelligence techniques to predict which Windows PCs are most likely to be infected with malware.

Microsoft will also [[xref: |add sandboxing capabilities]] to the next version of Windows 10, allowing malware researchers to safely run untrusted apps if they want to.

Stories by David Braue

Latest Videos

More videos

Blog Posts