The week in security: Trump’s tweeting raises security concerns; half of SMBs just pay ransomware fees

Australian consumers are still pretty poor at securing their information but those same consumers are unforgiving of businesses that do the same, a new study suggests. Similarly, breaches of online megalith Yahoo had caused its acquisition by Verizon to be pushed back, reports suggested.

Smaller companies like Californian nursing school Gurnick Academy were also adapting their game plan in the wake of cybersecurity incidents, with a new report suggesting that half of SMB ransomware victims ended up paying what was asked of them.

US president Donald Trump’s border crackdown may have made news over the weekend with protests at airports across that country – but there are other things to worry about when flying, as this rogue’s gallery of items confiscated from fliers attests. Speaking of Trump, the new president was busy on the security front as new CIA director Mike Pompeo was sworn in. He was also offering good examples of the need for smartphone security, and what to do and what not to do when it comes to using Twitter securely.

Also on the political front, security analysts were backing prime minister Malcolm Turnbull’s claims that the government has been tracking Russian hackers for nearly a decade. And a court denied a US government appeal to a decision preventing the Department of Justice from extracting emails from Microsoft customers.

One security guru was convinced that on-premises security appliances are passé, while others were convinced that any kind of appliance is poised to cause problems as companies struggle to get or keep the skills needed to ensure Internet of Things (IoT) security.

Speaking of skills, there were warnings that some cybercriminals were piggybacking LinkedIn to distribute malware by posing as job seekers. Malware was also frequently embedded in free Android VPN apps, according to one study, while another report found that skimming and phishing were among the biggest data-compromise vectors in 2016.

Google began a security clampdown by beginning to sell its own digital certificates and adjusting Gmail to block JavaScript email attachments. Others were looking into ways to use human voices as an extra layer of security, or to apply artificial intelligence to use typing styles for security instead.

The use of Tor to scramble malicious botnets had some suggesting that ISPs may end up having to block all Tor traffic. Cybercriminal elements are apparently maintaining a blacklist of untrustworthy cybercriminals. Five cybercriminals from Europe and Asia were arrested for hacking into ATMs and stealing $US3.2m ($A4.2m), while a Kaspersky Lab employee was reportedly arrested in Russia on treason charges.

As if driving wasn’t dangerous enough today, there were concerns that drivers are extra vulnerable behind the wheels of their connected cars. Yet mobiles aren’t much safer, with Android malware HummingBad found again on Google’s Play Store. Similarly, Cisco was rushing to fix a bug in its WebEx browser extension that could open up customers’ entire computers to code execution attacks. And there were concerns that the once-dramatic Heartbleed problem may be more pervasive than was once thought.