The week in security: Yahoo suffers biggest breach ever as US promises cyber-payback over Russian election hack

Data breaches continue to get bigger and badder, with Yahoo announcing the compromise of 1 billion accounts – back in 2013, meaning that hackers had three years to abuse the breach. As with the other biggest data breaches suffered throughout the year, there were several things every user should do.

This, as the fallout from the somewhat-smaller massive Ashley Madison hack was quantified, with the company fined $US8.75m ($A11.6m) and submitting to 20 years of federal security auditing as well as paying a $US1.6m ($A2.1m) settlement related to the breach.

Even as the recount in the US election continued – with the margin for Donald Trump up slightly – US officials were cagey about their potential response to what increasingly became recognised as cybersecurity interference from Russia in the US elections. Congressional leaders were asking questions even as US president Barack Obama promised to punish Russia for its actions and it was revealed that a group of Russian hackers had stolen login credentials from a US agency that tests and verifies voting equipment.

The infiltration methods triggered reminders about how to stop being infiltrated by suspicious emails, while those concerned with Internet of Things (IoT) device security didn’t miss a chance to point out that privacy protections for wearable devices are too weak.

Dozens of people were arrested in a multinational crackdown on DDoS perpetrators, while experts were offering tips to stay ahead of ransomware threats – and to understand how cybersecurity investigators are using maths to improve their identification of hackers.

A coalition of security researchers fighting ransomware added 30 new members and decryption tools for dozens of ransomware variants. Yet with non-malware attacks on the rise and too many companies doing little or no security testing, building up a broader

Industrial-products giant CSR explained how it had built a unified security defence in the cloud, while drone manufacturers were literally bringing better security to the cloud through an effort to issue drones with digital certificates. Facebook was also working with digital certificates, launching a tool that lets domain name owners find certificates issued without their knowledge.

Speaking of things happening without users’ knowledge, Evernote changed its policy to allow employees to read customers’ notes where necessary – but quickly changed its mind after a surge of complaints. Yet its idea – to use the notes to train machine-learning algorithms – reflects a growing trend that is also pushing hackers to find new ways to get around artificial-intelligence defences.

Data visibility is crucial to ensuring business continuity across the business-cloud boundary – particularly given findings of a new study that suggest nearly half of all Web sites pose security risks to visitors. Also posing security concerns were pagers, which offer a new way for businesses to be compromised by patient hackers with the right equipment.

Netgear routers were being exposed to hacking thanks to an unpatched vulnerability that the company rushed to fix, while Adobe fixed an actively exploited Flash zero-day and Microsoft moved to disable Flash altogether in its Edge browser.

There were warnings that Apple’s macOS file encryption can be easily bypassed, while McAfee enterprise AV for Linux was found to be suffering a number of remote-exploit bugs. This, as security pioneer John McAfee took Intel to court to stop it using his name until another name-related dispute can be resolved.

Tags FacebookBarack ObamaYahooUS electiondata breachesDonald Trumpdevice securityInternet of Things (IoT)Ashley Madison hackRussian electioncyber-payback

Show Comments