CIO

The week in security: 457 changes hit security skills; 9 in 10 Aussie companies breached

Australian government moves to curb abuse of 457 visas had a concerning side effect as IT-security positions were relegated to a short-term visa category that offers no potential pathway to permanent residency – potentially making Australia a less attractive destination for overseas security talent.

Dreams of a password-less future are inching closer with Microsoft’s release of an app that facilitates sign-in to applications using the fingerprint scanner on your phone. It’s part of a growing reliance on biometrics and intelligent imaging that is also seeing selfies increasingly used instead of passwords.

Flashlight apps have long been popular conduits for malware, and Google pulled two apps that were substituting fake sign-in pages for Australian banks – including the CBA, NAB, and Westpac – when users attempted to launch the real thing. This is the sort of thing that’s hard to beat with user education, no matter how good the user-education tools you choose. The problem is compounded by surveys suggesting that the majority of users are willing to share sensitive information.

With ransomware now available on the black market for $US175 ($A132), it’s a piddling effort for cybercriminals to start their own ransomware franchise. Also popular among cybercriminals are Skype, Jabber, and ICQ – as well as an old Stuxnet-related bug that has proven successful in hitting unpatched computers.

As if the Internet of Things (IoT) security climate wasn’t already problematic enough, a new competitor to Mirai was proving even more adept at compromising home devices that continue to suffer security vulnerabilities like the flaws that allow Linksys routers to be compromised. A vigilante hacker is said to have built a worm to protect the IoT – but there’s little wonder that security is a big factor in Intel’s $US15b ($A20b) investment in the collision-avoidance space.

Indeed, cybersecurity breaches are nearly ubiquitous these days, as figures suggest 9 out of 10 Australian organisations suffered a breach or attempted breach last year. Australian startup Wangle believes this security climate has created ripe opportunities for a mobile-optimisation stack that has been bundled into a commercial VPN product, the first of many tools expected from the company.

Speaking of tools, a security researcher launched a utility that tests whether your computer has been infected with NSA spyware – even as Oracle released 299 security fixes in its latest update, catching up with the leak of NSA hacks that included a Solaris exploit. Drupal fixed a critical access bypass vulnerability, while Google patched Chrome to address a phishing attack that transparently spoofed Apple.com by using internationalised domain names represented with non-Latin characters.