The week in security: Researchers re-identify Medicare data; massive, complex DDoS targets journalist as revenge

Revelations that a massive database of deidentified Medicare data could be reverse-engineered led to the data set's pulling from the Internet even as Telstra Health faced accusations that it couldn't possibly resist the temptation to do bad things with sensitive health information after it was awarded a major health-information consolidation tender.

Donald Trump's hotel chain was fined over a series of hacks that exposed more than 70,000 credit card numbers and other personal data. A US representative was pushing for a government probe of the massive recent Yahoo data breach, even as six senators joined the call for more information.

Yahoo claimed the breach was the product of 'state-sponsored' hackers, but one security firm said the claims were rubbish. One security expert was arguing that cloud security isn't so very hard if you know where to look, while another expert was hoping that car manufacturers would look more closely at securing their own systems and US voting authorities were just hoping they could maintain the integrity of the country's voter registration system.

With 73 percent of companies using vulnerable end-of-life networking devices, Australian businesses need to get more serious about securing their own systems as data disappears at a shocking rate, one security expert has argued. Containerisation has also gained currency as a form of endpoint protection, with Microsoft using the technique to protect users of its Edge browser through a hardware-based virtual barrier between the browser and the Windows hardware.

This, as the rate of desktop malware declined for the first time in many years – but that's not to suggest a decline in the activities of cybercriminals, who are using everything from smarter supply chains to sneaky ransomware tricks to bilk unsuspecting victims. Even as large numbers of IoT devices were harnessed to launch massive DDoS attacks, another massive and extremely complex attack took down a security journalist's Web site.

Target Brian Krebs said the attack was payback for a blog he had written, while experts were offering their advice as to how companies can fight back against hacker 'farming'. Payments network Swift revealed three more failed attacks on its network, while Illusive Networks was looking to fight back against Swift's attackers using deception techniques. As one company increased its bounty for an iOS 10 jailbreak technique to $US1.5 million ($A1.99m), a new Mac Trojan was leveraging the Russian space program as bait, while a newly introduced flaw in the OpenSSL cryptographic library was flagged as potentially critical.

An Android Trojan that can steal files from corporate networks was spreading through several app stores, while ransomware was seen to be spreading through weak remote-desktop credentials and Firefox moved to block web sites using vulnerable encryption keys.

Tags cyber criminalsYahoohacksDDoS attacksdata leakageDonald TrumpOpenSSLMedicare datacredit card theftTelstra Healthlarge scale attackSponsored hackers

Show Comments