The week in security: How Catholic Education secures SA schools; FBI cops heat on iPhone hacks
- 04 April, 2016 11:09
Australian online-classified site Gumtree was hacked and used to spread malware via online display ads, while a large US healthcare provider was shut down after a malware infection and only partially recovered days later.
Security experts warned, a new, custom-developed Dripiron backdoor was being used in targeted attacks against companies in several countries – making it just one of many threats that could pose issues for companies that are merging, which are proving to be tempting targets for cybercriminals.
Even as a US court vacated an order against Apple to help the FBI crack a terrorist suspect's iPhone, Apple requested a delay in a related case in New York until it can learn more about what was done. This was just one of more than 70 cases since 2008, it was revealed, in which the FBI had asked for the assistance of Apple and Google in unlocking smartphones during criminal proceedings in Arkansas and elsewhere; the American Civil Liberties Union (ACLU) even went to the effort of mapping the cases.
The FBI is reportedly turning its new method of cracking iPhone security to other devices – angering many who argue there is a public interest in Apple fixing the flaw; perhaps the feds should just look into MDM software – which, security researchers were warning, is susceptible to man-in-the-middle attacks between the MDM console and remotely-managed iOS devices.
An ethical-hacking firm revealed that it had been able to trick two-thirds of one company's employees into clicking on an attachment in an email sent to test the company's security defences.
Also from the employees-should-know-better file, US media network CNBC was found to be exposing visitors' passwords after it ran a poorly-considered system for checking the strength of passwords.
Little wonder there has been strong interest in privacy-preserving efforts such as Australian startup Meeco, which is expanding into Europe on the back of sizeable seed-capital funding. Oracle was put on a 20-year order by the US Federal Trade Commission, which forced the software company to be truthful about the security of updates for its Java SE software.
And one security expert was also being truthful, warning that developing effective systems for protecting car security would take years of concerted work. One vendor survey found that the use of centralised application authentication was boosting the business use of cloud applications; two-factor authentication is playing a part, but is not the only factor improving application security.
Catholic Education SA is among those steadily moving to embrace cloud conceits, with use of CAPTCHA and policy-based access control helping secure its proactive efforts to embrace remote access and deliver cutting-edge services to the most remote parts of the state.
Looking for a bit of career advancement? You're not alone, with one survey of cybersecurity professionals suggesting they may be lured away for new challenges, better pay, and more flexible working hours. How about a job at the US White House, which is looking for a CISO.
Among other things, you'll be working within an increasingly open context as federal authorities move on efforts to boost the quality of open source. You may also be busy cleaning up after the Department of Defense issued a 'please hack us' call to the Internet at large as part of a $US150,000 ($A196,000) bug bounty program.
Nasty new ransomware called Petya was found to be overwriting victim computers' master boot records, while a new tool from Bitdefender was said to prevent infections by a number of common ransomware programs.
Meanwhile, security firm FireEye was warning that hackers are stepping up efforts to attack point-of-sale systems before new defences can be put in place. A white-supremacist hacker showed why we need to be wary around Internet of Things (IoT) security, sending racist documents to thousands of publicly accessible printers.
A flaw in a widely-used door controller was said to allow easy unlocking of secure doors. And there were warnings that Linux-based home routers could be infected by a new worm called Remaiten, which exploits weaknesses in built-in Telnet servers.
Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.