The week in security: Security fatigue bites users, CISOs as IoT exploits soar

There were concerns that enterprises were focusing too much on protecting themselves from sophisticated attacks and leaving themselves open to attackers utilising common techniques, while some analysts were warning that the incessant focus on security was causing password and security fatigue for users and CISOs alike. Little wonder many companies are keen to phase out passwords completely.

Even as the massive Yahoo data breach provided clarity for experts trying to pin down the cost of a data breach – which may, Verizon warned, include downgrading the purchase price for the company. Yahoo was also in hot water as legislators called for answers about its email surveillance program run in conjunction with the FBI.

The US government handed down its investigation into the massive Office of Personnel Management (OPM) breach, while thousands of online shops were being compromised for credit-card theft and a US-Indian business was charged with scamming consumers to pay for tech support they didn't need.

One security and scalability-minded CEO was lauding the continuing role of the mainframe in modern computing infrastructure. Also gaining continuing support was communal measuring-tools aide BSIMM, which is attracting a younger membership.

WikiLeaks dropped another collection of emails allegedly sourced from a Hillary Clinton staffer, while payments network SWIFT was dealing with the discovery of a second hack that led the G7 to jump into action and publish updated guidelines for protecting the global finance sector.

With Internet of Things (IoT) security proving elusive and devices regularly being compromised to help attackers target e-commerce and other sites at a record pace, European authorities are drafting new IoT security regulations to boost consumer confidence.

This, even as there were warnings that attackers were exploiting a 12-year-old bug to launch attacks, and that users could be spied upon by their own Apple Watches. Indeed, there are as many IoT security threats as there are IoT devices – which has driven road builders to closely consider the implications of broader sensor usage in the way they build roads into the future.

There were warnings that many 1024-bit encryption keys may have been based on prime numbers that intentionally created backdoors in a way that cannot be detected. Certificate issuers StartCom and WoCom were shaking up their management in the wake of findings that they had mis-issued a number of digital certificates.

American Civil Liberties Union claims suggested that Facebook, Instagram, and Twitter had been using a monitoring tool to give police data for tracking protesters. Russian president Vladimir Putin denied that his country is behind US election-related hacking.