The week in security: WireLurker penetrates Apple defences, SMBs face shadow-IT threat

Small businesses are proving to be a locus for cybersecurity attacks, with security experts advising that better communication is necessary to keep SMBs protected and some warning that the relatively small IT organisations of SMBs make them particularly vulnerable to the proliferation of 'shadow IT'.

Malware attacks are forcing UK organisations to change their security policies, but they're not alone: Apple had to act quickly to hose down some security issues, with warnings that Apple's security checks may miss the iWorm malware even as the company released a fix for iWorm even as there were warnings that it was an incomplete solution.

Some experts were warning that the company's Apple Pay, like rivals' CurrentC technologies should be avoided until cybercriminals have had a go at finding their vulnerabilities. But Apple's biggest problem came as authorities caught up with the first-ever malware attack to infect Apple mobile devices even when they haven't been jailbroken.

That malware, called WireLurker, had security experts quite concerned. Even as Apple moved to block infected WireLurker apps from running, it was revealed that attackers were using the malware on both Mac OS X and Windows PCs.

Security must be tackled as a team effort, some were warning, with a Dell survey finding that the involvement of executives in cybersecurity efforts significantly boosts organisational confidence in information security.

Some experts were warning that schools are utilising increasingly capable big-data tools to track students' online behaviour. Monitoring might be particularly useful for the many users that are still getting caught out by common Facebook scams. Little wonder experts are still warning that home working is a data-security disaster in the making.

The head of GCHQ wants even more support from social-media giants, with calls for the big networks to be more proactive in helping authorities block terrorists.

Even as Microsoft's general counsel warned about the escalation of a privacy 'arms race', IBM was looking into enterprise cloud security and Google was focused on boosting security by offering a tool for testing applications and devices for SSL and TLS weaknesses.

The US Department of Homeland Security (DHS) warned that two Linksys router models haven't received security fixes released back in July. A cyberespionage group has been targeting Linux systems and Cisco routers, while the Rovnix Trojan took a more conventional path by infecting over 130,000 Windows PCs in the UK alone.

Read more: Pervasive technologies and its implication on security

Credit-card companies have been focused on security, with a flaw in Visa's contactless payment cards coming to light and American Express worked to replace payment card numbers with unique tokens.

Speaking of less-than-desirable security, a comparative test by the Electronic Frontier Foundation (EFF) found that some of the most popular messaging apps failed basic security tests. You'd think they would improve over time, but some are concerned that the pendulum could be swinging the other way: with the conservative Republicans taking control of the US Congress in the recent midterm elections, some were concerned that funding for cybersecurity research and regulations could be hit.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Tags information securityEnex TestLabApplesmbLinksysMac OS Xsupercomputingvisaamerican expresssmall businessesterroristsmalware attacksvulnerableCSO Australiadirectors for CSO Australiabig-dataiWormWireLurkerUS Department of Homeland Security (DHS)Windows PCCredit-card companiesshadow-IT

Show Comments