The week in security: Empowered CISOs in firing line; ANZ firms' document protection found wanting

IT industry luminaries united for industry organisation ISACA's Oceania CACS event, with digital disruption high on the agenda and experts expounding on issues such as the ongoing cyber security skills crisis, the gender-based skills gap, a top-down view of the cybersecurity response from the AFP's point of view, and the security issues at the Department of Chickens.

An enervated BlackBerry is expanding its mobile-security credentials to build broader ecosystems for securing and managing devices, the company's new regional head said. Apple also got a hard lesson about securing and managing mobile devices as the rollout of its new iOS 10 mobile operating system was plagued by an early glitch and quickly patched to fix seven security issues.

Also in the mobile sector, Google offered a $US200,000 ($A268,000) top prize in its new Android hack challenge, which runs through March 2017. There were warnings about a rogue Pokémon Go guide app that had been downloaded over 500,000 times and that downloads root exploits allowing the devices to be taken over.

The US FBI was hit with a lawsuit over its refusal to disclose how it cracked a mass shooter's iPhone 5c earlier this year, while one security researcher said the FBI could have completed the hack using readily available tools in under 2 days.

A breach of the World Anti-Doping Agency, which leaked damning details of Olympic athletes' drug testing, was attributed to the same Russian hackers that allegedly breached the Democratic National Committee earlier this year.

Also on the privacy front, an Australian legal thinktank raised questions about the legality of online service provider privacy agreements. An evaluation of business data protection in Australia and New Zealand found it to be more reactive and less mature than in other countries.

Even as hackers found 47 new vulnerabilities in 23 Internet of Things (IoT) devices at DEF CON, researchers identified thousands of Seagate NAS devices that are hosting cryptocurrency mining malware, while a MySQL zero-day exploit opened up new channels for some servers to be hacked. Microsoft released one of its biggest security updates of the year, while Adobe was fixing issues in its Flash Player and Digital Editions products.

NTP reflection attacks hit record-high levels, while a report warned that a single ransomware network has pulled in $US121 million ($A162m). Volkswagen founded a new cybersecurity firm to prevent car hacking, while US authorities were opposing the proposed splitting of the NSA and Cyber Command amidst lawmaker campaigning against a grassroots campaign pushing President Barack Obama to pardon Edward Snowden.

Security experts worried that hackers were manipulating the US election result, and that Soviet-style disinformation would drive ongoing document dumps and other issues. This creates new issues for CISOs, who are being empowered to protect information security at a high level but may also be in the firing line if a data breach causes reputational damage. Meanwhile, experts warned that mergers create a significant security risk, and others weighed in on the importance of auditing in managing the fallout from ongoing cybersecurity wars.

Even as a new Windows 10 hack defeats the operating system's pass-the-hash defences, PC innovator ORWL launched a secure PC that has been hardened against physical attack. And new figures from MasterCard showed that not everyone is as deeply concerned about security: US adoption of chip-based credit cards has grown but merchants in that country overwhelmingly don't support the technology.
