The week in security: Apple extortion attempt; can Blockchain protect medical devices?

The CSO Perspectives roadshow continued to crisscross Australia and New Zealand, with CSOs sharing strategies on dealing with ransomware attacks and speakers including BDO’s national leader for cyber security; this week sees the final events, in Sydney and Wellington.

Cebit was highlighting security in the wake of the revelations of Edward Snowden, whose former boss was offering tips on stopping insider threats.

Meanwhile, even as Wikileaks documents showed the CIA’s Mac and iPhone hacks, the US FBI was found to be actively investigating Russia’s attempts to influence the 2016 US election. Russia will strike US elections again, the agency warned.

The FBI also proposed a framework for access to encrypted data, while Blockchain was being flagged as a way to help secure medical devices even as Bitcoin – the currency that Blockchain enabled – was said to be a catalyst for a rise in social-media scams.

McDonald’s India was asking users to update its app after a report of a data leak, while password manager LastPass was fixing serious password leak vulnerabilities. And Google threatened to distrust a third of the Web’s SSL certificates after a stoush with certificate issuer Symantec.

The CSO of enterprise-collaboration gamechanger Slack said the company was “lucky” to have been breached early in its growth because it helped permanently reframe discussions about security. Experts were arguing that the US government could benefit from a similar awakening amidst calls for the country to get a federal CISO.

Bug-finding crowdsourcer Bugcrowd was explaining how bug bounties are calculated, while an F-Secure security researcher weighed in on the real threat of cyber espionage to businesses.

Even as businesses moved away from password-based authentication on the back of artificial-intelligence advances, IBM was setting up its Watson artificial-intelligence engine to patrol security on enterprise smartphones and IoT devices.

Blackberry developed a more secure version of the Samsung Galaxy S7, while researchers successfully escaped two virtual-machine sandboxes during the Pwn2Own hacking contest. Mozilla was also watching that contest, rapidly patching a Firefox vulnerability disclosed during the event and, one Web site owner complained, getting a bit too enthusiastic about labelling his unencrypted login page ‘insecure’.

Hackers threatened to wipe millions of Apple devices in a few weeks if the company doesn’t pay them $US150,000 ($A195,500). Apple said the credentials came from third parties and not a breach of its services, and argued that its Macs and iPhones had been patched to fix the exploits years ago.

Airlines in the United States banned electronics larger than a mobile for passengers coming from certain countries, with the UK following soon after. US lawmakers were also questioning the use of facial recognition technology by police,

There warnings that some HTTPS inspection tools could weaken overall security, while the Moodle CMS was also fingered as having vulnerabilities that could allow remote takeover. Also dangerous was Double Agent, an attack that can turn Windows antivirus software into malware that has numerous problematic capabilities.

Cisco was warning users to disable Telnet in a range of its switches until it could patch a new vulnerability laid bare in the CIA WikiLeaks exploit dump.

Tags ApplewikileaksBlockchainransomware attacksUS elections

Show Comments