The holidays in security: Breaches drive governments to bug bounties

Australia may have taken it easy for the holiday season, but hackers weren’t easing off during the festivities.

There were attacks, for example, on [[xref:https://www.computerworld.com.au/article/651157/cyber-attack-hits-us-newspaper-distribution/ |several major US newspapers]] while nation-state attackers [[xref:https://www.cso.com.au/article/650993/nation-state-attackers-fingered-exploiting-bug-twitter-anti-troll-tools/ |were fingered]] for exploiting a bug in Twitter’s anti-trolling tools.

US authorities [[xref:https://www.cso.com.au/article/651097/us-charges-two-chinese-nationals-massive-data-thefts-from-nasa-others/ |charging two Chinese nationals]] for massive data thefts from NASA and other firms – also drawing the ire of Australian authorities, who [[xref:https://www.computerworld.com.au/article/651096/australia-charges-china-with-backing-msp-hacking-campaign/| charged China]] with backing the campaign of intellectual property theft and managed service provider hacking.

These and other breaches followed on from [[xref:https://www.cso.com.au/article/650658/google-leak-affects-52-million-users-g-suite-users/ |a recent leak]] that affected 52 million Google+ and G Suite users, and revelations that [[xref:https://www.computerworld.com.au/article/651010/microsoft-amazon-yahoo-given-access-facebook-users-data-report/ |Facebook provided]] Microsoft, Amazon and Yahoo with special access to its users’ data.

It wasn’t the best leadup to a year that [[xref:https://www.cso.com.au/article/650755/evolving-threat-landscape-what-look-2019/ |is already expected]] to pose new challenges and frustrations for CISOs – least of all, compliance with 2018-era legislation that [[xref:https://www.cso.com.au/article/651114/leicester-tigers-recruit-thinkmarble-tackle-gdpr-compliance/ |continues to challenge]] many organisations’ existing privacy practices.

Singapore government agencies [[xref:https://www.cso.com.au/article/651105/singapore-agencies-partner-white-hackers-uncover-gov-t-systems-vulnerabilities/ |announced a partnership]] with local hackers to launch a bug bounty program that would highlight vulnerabilities in government systems, and the EU embarked on a similar project with [[xref:https://www.cso.com.au/article/651184/eu-launch-bug-bounties-14-open-source-projects/ |bug bounties]] for 14 open-source projects.

Secure-messaging firm Signal said [[xref:https://www.cso.com.au/article/650939/signal-we-can-t-comply-aussie-encryption-law-even-we-wanted/ |it couldn’t comply]] with Australia’s new encryption laws even if it wanted to – with suggestions that the law could lead to a ban on the Signal-derived WhatsApp.

Also working on the hardware front was a new USB-C security program designed to [[xref:https://www.cso.com.au/article/652735/new-usb-c-security-program-aims-squeeze-rogue-usb-c-devices-cables-chargers/ |block illegitimate USB-C devices]].

An audit by motherboard producer Supermicro [[xref:https://www.cso.com.au/article/650714/supermicro-third-party-motherboard-audit-finds-no-spy-chips/ |found no evidence]] of spying-focused hardware on its products.

Microsoft was also looking internally as it [[xref:https://www.cso.com.au/article/650842/microsoft-25k-ai-challenge-predict-which-windows-pcs-will-infected-malware/ |offered a $25k prize]] for those who can use artificial-intelligence techniques to predict which Windows PCs are most likely to be infected with malware.

Microsoft will also [[xref:https://www.cso.com.au/article/651040/windows-10-new-sandbox-soon-can-safely-run-untrusted-apps/ |add sandboxing capabilities]] to the next version of Windows 10, allowing malware researchers to safely run untrusted apps if they want to.

Tags governmentGoogle+twitterNASAbreachesprivacy practicesBug bountiesmanaged service provider hackinganti-trolling tools

Show Comments