The week in security: CSOs struggle with hidden threats, job stress

A capacity crowd of security executives attended CSO Australia’s SecureIT conference this month, with a compelling lineup that was kicked off by former LulzSec hacker Mustafa al-Bassam, whose exploits hacking top-tier businesses landed him in handcuffs at just 16 years old.

Big businesses, he said, may spend more on security but their complexity makes them easier to hack.

No wonder a security executive’s job is like being on Game of Thrones, as one CSO put it while warning of some very real consequences to the constant stress that the job entails.

Indeed, many CSOs are still struggling with the complexities of spotting malicious applications and their communications amongst an increasing volume of encrypted traffic – a topic into which a SecureIT expert panel delved with considerable depth.

Speaking of hidden threats, Not everyone thinks the ban on Chinese hardware maker Huawei – which is alleged to have questionable security practices due to its government links – is good for security.

Security executives admit they’re dropping the ball when it comes to controls over sensitive healthcare data.

Meanwhile, new research found that companies in Australia and New Zealand are incurring compliance risks due to their poor visibility into their own enterprise data.

That’s not the only persistent vulnerability that local companies are managing: data masking, experts argue, is also being implemented poorly or not at all – and that’s affecting efforts to reduce the incidence of data breaches.

Google was on the defensive arguing that its Manifest V3 Chrome plans aren’t just about protecting ad revenues by disabling ad blockers.

RAMBleed, a new variant of the Rowhammer data-corruption exploit, enables the theft of data such as encryption keys from memory.

Meanwhile, researchers were looking into the dangerous stalkerware app industry.

Media player VLC got a major security update, thanks to a significant bug bounty program that had more than a bit of attention.

An update to Windows 10 blocked Google Titan USB keys due to a flaw in their Bluetooth implementations.