The week in security: Lack of staff driving creative recruitment; Out-securing Dropbox
- 26 October, 2015 08:11
Global cloud-storage giant Dropbox certainly has global market share, but that hasn't dissuaded competitors like Senetas from developing security-focused alternatives that target Dropbox's balance of security and usability.
Experts were recommending caution when putting healthcare data into the cloud, not least because security skills remain hard to find – forcing some security consultancies to recruit from overseas and get creative in their staff development plans to keep up with demand.
A number of Web sites running the Magento e-commerce platform were said to have been infected with code redirecting victims to the Neutrino exploit kit; Magento blamed the issue on unpatched older systems rather than a new hack.
Also on the targeted-attack front, Facebook raised eyebrows about a possible link to a Russian Adobe hack as it said it would start warning users if it feels their page is being targeted by state-sponsored attacks – such as the ones that China is reputedly launching just a day after it said it would no longer do so.
Also on the geopolitical security landscape, the EU and US were given 3 months to negotiate a new data-sharing agreement after the old one was struck down by an EU court.
Even as consideration of the most important hacks of the past few years highlights the changing threat landscape, a number of security vendors are working to improve endpoint protection, with Cylance expert Stuart McClure offering strong guidance in the area even as CSOs work to consolidate their endpoint and other security platforms.
Citrix was feting the certification of its mobile apps to carry PROTECTED level government data – a world-first Australian effort that required rewriting under the watch of the company's global leadership. High-level monitoring of security practices is becoming increasingly common, by some accounts, although one PwC survey suggests that despite growing awareness just 45 percent of boards are actually getting involved in security planning.
Security experts were warning of the need to use stronger encryption, and warned of new malware that replaces your browser with a dangerous Chrome lookalike. And Apple was also clamping down on deceptive apps – pulling numerous iOS apps that were found to be mining private data from users' iPhones, as well as shutting down the first iOS 9 jailbreak and fixing a raft of other security issues.
Internet of Things (IoT) vulnerabilities remained a hot topic, with some suggesting that cyber insurance premiums could push IoT security standards forward. DARPA was looking into another way to boost IoT safety.
Google and Yahoo were tightening their spam filtering, while buyers of the notorious MacKeeper software were pushing for refunds en masse. Microsoft kicked off a bug-bounty program for part of its Visual Studio 2015 environment, while security experts were warning that bugs in the open-source timing protocol could be used to launch attacks on online targets by scrambling their clocks.