The week in security: As VTech toy hack worsens, experts warn consumer devices won’t be patched

Investigations into the breach of toy maker VTech – which admitted the attack had affected 6.4 million children's accounts – revealed that hackers had stolen photos of children and their parents, compounding a data breach that is already being ranked among the worst of the year.

Even as a new report suggested that scripting languages are the most vulnerable – and as Adobe formally suggested that Web developers move on from using its vulnerability-ridden Flash platform – a new attack campaign was targeting SMBs with a botnet designed to deliver point of sale malware. And another attack vector emerged as ransomware and scammy tech-support sites joined forces to target users. There were also reports that an exploit kit, password stealer and ransomware program had been combined into a potent cocktail.

The encrypted messaging app Signal was released in beta form for desktops, while Cisco patched a permission hijacking issue in its WebEx Meetings app for Android. Also on the mobile front, BlackBerry delayed its imminent departure from the Pakistan market for a month – leading some to wonder whether a compromise was being struck.

The security of consumer home devices was being questioned, with some analysts concluding that home-electronics makers were unlikely to boost the security of their devices because consumers are unwilling to pay more for properly secured products. As if to confirm the point, millions of smart TVs, phones and routers were said to be at risk from a 3-year-old software vulnerability, and a researcher said flaws in Huawei Wimax routers won't be fixed. Older branches of the OpenSSL library will not be patched either.

Microsoft and law-enforcement agencies were working together to disrupt the Dorknet botnet, while a free digital-certificate project opened its doors for a public beta designed to facilitate better Web-site security.

Even as a Russian spy group was adopting new tools to hack the networks of defence contractors, the United States and China took tentative steps towards an agreement on cybersecurity cooperation. Meanwhile, an Australian academic warned that security is a long game and that building national security capability will take decades to do properly.
