The week in security: Apple defends iOS 8 privacy as experts warn on Android browser

New statistics suggested that Australian and New Zealand businesses suffer 29 data-loss events every day, while Google reported a 19 percent jump in US government data requests in the first half of this year over the previous half.

Also on the privacy front, the attorney-general of the US state of Connecticut expressed concern about the privacy implications of the way the newly announced Apple Watch would handle consumers' health information. But Apple is more concerned with selling “great products” rather than selling customer information, CEO Tim Cook quickly rebutted; others, however, are concerned with the privacy implications of ever-smarter Internet-connected cars.

A new open-source project was looking to introduce easy-to-use messaging encryption, offering new security methods even as one security pundit predicted that the conventional username and password are on their way out. Apple was also revisiting its security practices, turning on iCloud's two-step verification in the wake of the theft of nude celebrity photos from the service last month. Others noted privacy improvements in Apple's new iOS 8 operating system that would provide a higher degree of protection to customers. The new operating system also fixes an issue that could allow attackers to take over Apple devices' wireless network authentication.

Twitter leveraged the results of its new bug-bounty program to patch a serious vulnerability that could have impacted advertising on its platform, while Adobe released previously-delayed security updates for its Reader and Acrobat software. Amazon patched a Kindle flaw that could open accounts to hackers.

To the consternation of many, a cross-site scripting flaw in the default Android browser was raising the spectre of further insecurity in older versions of the mobile operating system as experts identified popular apps that shared the flaw. Little wonder Google is turning on encryption by default in the upcoming Android L operating system.

Even as experts discussed how to boost security on the US government's HealthCare.gov site, an NSA-funded programming language was working to close long-standing security holes, while Samsung was doing its part by reducing the price of its Knox security and management software as well as introducing a new My Knox service for professionals.

New malware known as 'Tiny banker' was targeting US financial institutions while Citadel financial malware was targeting petrochemical companies and FinFisher 'government spyware' was reportedly into its fourth and most sneaky generation yet. Also on the government front, the UK appointed its first SME cyber-security 'czar' after a £4 million funding boost.

Meanwhile, charity organisation Goodwill Industries reported that hackers had evaded security systems at a payment-card processing centre for more than 18 months. Interestingly, this revelation coincided with a report that 48 percent of e-commerce and online retail businesses lost some type of finance-related information to cybercriminals over the last year. Home Depot was another, with a breach that the company admitted put 56 million payment cards at risk.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Tags Enex TestLabmalwareAndroidadobetwitteramazonsamsungkindleus governmentvulnerabilityiCloudsecurity practicesGoodwill IndustriesAustralian businessesApple watchtwo-step verificationsecurity updateshealth informationdata requestscyber-securityCSO Australiadirectors for CSO AustraliaAcrobat software£4 million fundingTiny bankerprivacy improvementsApple iOS 8Internet-connected carsiOS 8 privacyUS financial institutions(CEO Apple) Tim CookApple revisitingNew Zealand businessesKnox securityFinFisher 'government spyware

Show Comments