CIO

The week in security: Google to shame HTTP users; Telstra's secret to finding cybersecurity staff

CISOs beware: a specially-built USB device can steal credentials even from locked Windows PCs after being inserted for just seconds. Also worrying is quantum computing, which is inching closer to reality and promises to compromise many core cybersecurity technologies.

Increasing user concern about whaling and the migration to Microsoft Office 365 cloud applications are driving strong demand for Mimecast solutions that led the company to deepen its investment in the Australian market.

This is little surprise given that executives believe security of cloud data is even more important than the user experience of those services. Yet the cloud shift is also seeing new forms of ransomware and other attacks that are being answered with new spearphishing-detection tools.

Yet despite all the scanners in the world, cybersecurity defences must always consider the human aspect of information security, experts continue to warn, even as a high-profile investigative journalist warned that cybercriminals were undergoing a mind shift with implications for how CISOs defend their networks. Such issues also have implications for the oft-cited security skills gap, although Telstra says it's not that hard to find skilled people if you get a bit creative.

This, as the FBI arrested two hackers for stealing information on senior government officials – and as a US government audit found that the massive Office of Personnel Management (OPM) hack could have been avoided and experts weighed in on security requirements for that country's upcoming election.

The US investigated Russia on allegations that it was trying to hack that election, even as US president Barack Obama was bragging about the US government's cybersupremacy – which was seemingly reiterated by confirmation that the US did hack the Elysée Palace in 2012 – but reiterated his concerns about a cyber-arms race.

Presidential contender Donald Trump had no such scruples, calling for the US to expand its cybersecurity capabilities as part of a broad expansion of the military. Yet all US government agencies already face a requirement for stronger and more proactive cybersecurity capabilities, after data-protection guidelines were updated for the first time in over a decade – providing guidance for Australian companies charting their strategic security direction.

The Xen Project patched serious flaws in its virtualisation software, a bug in Sophos antivirus malware scanners triggered false positives on a critical Windows file, and Google offered a three-level Android patch that some worried could cause user confusion. Also confused were Web site owners who have been wondering why their site rankings have been dropping – and it's often thanks to changes in Google Safe Browsing technology. Google is also moving to mark HTTP connections as insecure, starting in January, in a subtle push for Web site owners to jump on the HTTPS bandwagon.

There were suggestions that half of network management systems are vulnerable to cross-site scripting and SQL injection attacks, even as one security firm found itself in the legal crosshairs on allegations of a stock-tanking tactic: the firm claimed key medical products could be hacked, allegedly in order to fund a short-selling scheme.

Intel moved to sell off its majority stake in its McAfee security unit, partnering with investment firm TPG to respawn the former McAfee security company – although original founder John McAfee may be ready to put a spanner in the works.

An audit of connected device security found that few manufacturers are taking it seriously, while reports from the field suggested that end users are equally lax when it comes to security, as 99 percent of compromised user accounts come from password reuse. Many other compromised accounts are also surfacing as data hoarders revive and rework massive data sets compromised in breaches years ago.