CIO

The week in security: Uber breach makes CSOs uber-nervous as click-happy users hunt Christmas bargains

The Australian Broadcasting Corporation (ABC) was in recovery mode after a data breach – due to the same Amazon Web Services S3 configuration mistake that recently caused the leak of 50,000 Australians’ data – saw the leak of thousands of users’ passwords.

Yet an even bigger revelation – that ride-sharing giant Uber had paid hackers $US100,000 ($A132,000) to delete a massive cache of 57m stolen user details in a breach that raised warnings from no less than the UK’s GCHQ – raised the stakes in the ongoing discussions about breach-disclosure obligations and the impact of security practices on cloud security.

Encryption practice is one of the most contentious, particularly since it seems nearly anything stored in the cloud is fair game for hackers these days. New figures suggested that few companies are encrypting their data, whether on premises or in the cloud, but that was expected to increase substantially as security strategists increasingly linked the non-encryption of data with corporate negligence.

As information-security strategists weighed up the biggest threats likely to cause problems in 2018 – and considered the mistakes that could cost them their jobs – they were also considering the potential impact of increasingly enthusiastic online shoppers, who also happened to be their company’s employees, on overall security profile.

Small businesses have proven to be vulnerable to such issues time and time again, with new offerings providing hope in the wake of a new survey finding that just 20 percent of Australian small businesses feel they have strong cybersecurity protection.

IBM contributed its growing body of threat-intelligence data to Quad9, an alternative DNS service that automatically blocks connections to IP addresses associated with malware activity.

Perpetrators of online dodginess were adding their own innovations, with fake Microsoft and Apple support adding mobile ‘click-to-call’ capabilities to their arsenals.

A fake Symantec security blog was found to be spreading macOS malware, even as Dell, Lenovo and HP moved to patch hundreds of devices hit by a buggy Intel embedded CPU.