The holidays in security: Breaches drive governments to bug bounties

Australia may have taken it easy for the holiday season, but hackers weren’t easing off during the festivities.

There were attacks, for example, on [[xref: |several major US newspapers]], while nation-state attackers [[xref: |were fingered]] for exploiting a bug in Twitter’s anti-trolling tools.

US authorities [[xref: |charged two Chinese nationals]] over massive data thefts from NASA and other firms – thefts that also drew the ire of Australian authorities, who [[xref: |charged China]] with backing the campaign of intellectual property theft and managed service provider hacking.

These and other breaches followed on from [[xref: |a recent leak]] that affected 52 million Google+ and G Suite users, and revelations that [[xref: |Facebook provided]] Microsoft, Amazon and Yahoo with special access to its users’ data.

It wasn’t the best lead-up to a year that [[xref: |is already expected]] to pose new challenges and frustrations for CISOs – not least, compliance with 2018-era legislation that [[xref: |continues to challenge]] many organisations’ existing privacy practices.

Singapore government agencies [[xref: |announced a partnership]] with local hackers to launch a bug bounty program that would highlight vulnerabilities in government systems, and the EU embarked on a similar project with [[xref: |bug bounties]] for 14 open-source projects.

Secure-messaging firm Signal said [[xref: |it couldn’t comply]] with Australia’s new encryption laws even if it wanted to – with suggestions that the law could lead to a ban on the Signal-derived WhatsApp.

Also working on the hardware front was a new USB-C security program designed to [[xref: |block illegitimate USB-C devices]].

An audit by motherboard producer Supermicro [[xref: |found no evidence]] of spying-focused hardware on its products.

Microsoft was also looking internally as it [[xref: |offered a $25k prize]] for those who can use artificial-intelligence techniques to predict which Windows PCs are most likely to be infected with malware.

Microsoft will also [[xref: |add sandboxing capabilities]] to the next version of Windows 10, allowing malware researchers to safely run untrusted apps if they want to.

Tags: Google+, twitter, NASA, breaches, privacy practices, Bug bounties, managed service provider hacking, anti-trolling tools