The week in security: Celebrities face Apple's naked truth

A major security breach was the last thing Apple needed in the leadup to the high-profile launch of its iPhone 6, and the “outraged” company was quick to argue that the leak of nude celebrity photos from its iCloud service was a targeted attack. Others said the leak was a reminder of the importance of two-factor authentication.

Even as Apple promised stronger security, investigators were looking into the hack and considered that a quirk in iCloud's backups could have allowed access to files that users had deleted much earlier, while others were taking the opportunity to advise people how to keep their own selfies private.

Meanwhile, Twitter launched a bug-bounty program and LinkedIn added session-management and location-based security features that some said might have helped the celebrity victims of the iCloud leak. Yet the hackers were proving remarkably persistent, with a Russian-made tool able to automatically gather naked selfies from iCloud accounts.

A Gartner security conference was exploring a range of themes including the CISO agenda for 2014-15, the experiences of a former White House CIO, and a new user-centric approach to identity and access.

Hosting provider Namecheap was added to the list of companies compromised by use of a recently stolen list of usernames and passwords, while US hardware giant Home Depot said it was investigating a possible breach of payment data that observers later suggested could be the biggest breach ever.

Indeed, vulnerabilities continued to abound: IBM said the Heartbleed vulnerability from earlier in the year was still being exploited. Microsoft, for its part, was planning a critical Internet Explorer update. And HP said the North Korean government was using foreign bases to launch cyberattacks against other countries.

Indeed, cybercrime was continuing to threaten on a multinational front, with evidence suggesting that hundreds of UK companies had been used as fronts for a data-stealing campaign that targeted 300 SMBs in Germany, Austria, and Switzerland. Businesses are also at risk from unreported thefts of mobile devices, a new study warns. Strengthening the case for mobile security was a stash of text messages found during research on the KorBanker mobile malware.

While many may be worried about their exposure to vulnerabilities in credit-card storage systems, others may be surprised that their phone calls are being intercepted based on error messages from fake mobile phone towers. Another deceptive tactic – designing malware to reside only in memory so it can't be picked up during file scans – was also growing in popularity, while Telstra's first full-year Transparency Report showed that even the government was increasing its use of data snooping. The US, by contrast, may be headed the other way, with two top Obama administration officials supporting a bill that would end the bulk collection of telephone records in that country.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
