CIO

The week in security: iCloud mistake heats up Apple vs US government iPhone encryption fight

Security news was dominated by the stoush between Apple and the US government, after a court ordered the company to find a way to access the locked iPhone of terrorist Syed Rizwan Farook. Apple refused in a very public open letter from Tim Cook, launching a case that could end up in the US Supreme Court.

In the midst of some confusing reports about the case – which wasn't the first time the government had asked Apple to unlock an iPhone – the FBI refuted claims it was asking for an iPhone 'back door' while Apple CEO Tim Cook said the issue was about more than just encryption. Google weighed in on Apple's side even as experts said Apple could theoretically comply with the court order – although that got harder after system administrators remotely changed the phone's iCloud password.

This, as Apple backed down on the Error 53 issue that had confounded third-party iPhone repairs. New Android malware, sourced from Russian underground forums, targeted all Android phones except those in that country, and a new Android banking Trojan was also found to be ransomware. Meanwhile, a Russian hacking group called Pawn Storm was infecting Linux systems with a highly effective Trojan, and new ransomware called Locky, which infects systems in the same way as the Dridex banking malware, was discovered.

Research suggested Americans and Romanians are the most compliant ransomware targets, a theory borne out after a hospital in Los Angeles paid a $US17,000 ransom to regain access to its encrypted files. Meanwhile, other surveys suggested that Australian executives are both deeply engaged in email security, and overconfident about their security posture. This, as others said business leaders were still in denial about cybersecurity threats.

IBM launched a new security-focused mainframe and a cloud-based service to help businesses set up blockchain networks, while HP reported that 2015 was marked by a large amount of collateral damage from cyber attacks.

Arctic Wolf launched its own cloud-based service – a home-built SIEM – while startup AttackIQ offered tools for testing for known weaknesses. Another startup, Cato Networks, offered a cloud-based network security solution from the cofounder of Check Point Security Technologies.

There were revelations that up to 46,000 digital video recorders, used for home and business surveillance, can be easily accessed by hackers due to their use of a hard-coded password. Also proving to have weak security was a home-security system from SimpliSafe, which can be disabled wirelessly by burglars from outside the target home.

Attackers were still targeting unpatched Magento installations by trying to get people to download a fake patch, while others found a way to circumvent protections in a FireEye security appliance that let them whitelist malware. A new update of the Xen Project hypervisor was found to be missing two security patches, while Google was warning sysadmins to patch Linux systems after finding a critical glibc bug that risks remote exploitation.

The US Department of Defense laid out plans to upgrade 4 million systems to Windows 10 by 2017 to boost its overall security posture, while a security company recently seeded Google Doc credentials online to monitor how they were distributed on the Dark Web.


