The week in security: 600,000 reasons for Mac users to be afraid

Cyber-attacks may have been adjudged to be one of the most serious security threats facing the world, and the nasties out there were certainly doing their part to make sure we didn't forget it. Credit-card payments processor Global Payments said that fewer than 1.5 million cards were affected by the recent data theft, but struggled with its corporate messaging in the wake of the significant breach. Authorities are definitely playing catch-up, as revelations emerged that one UK hacker was using hacked accounts for 20 months before he was busted and ultimately jailed for 26 months.

News of an unpatched Java vulnerability in Apple's Mac OS X led to a rapid patch to fix what is being hailed as perhaps the most serious attack yet on the operating system, via Flashback malware that's estimated to have infected more than 600,000 Macs (although some have questioned the numbers). Mozilla was also thinking about Java, blacklisting unpatched versions of the runtime environment from the Windows version of Firefox.

Meanwhile, another piece of malware, called Ice IX, was found to be tricking Facebook users into exposing their credit card details. Security firm Sophos took down a partner portal after it discovered signs suggesting the server hosting the portal had been breached. And while overall spam volumes were down by some measures, a fake US Airways email, masquerading as an online check-in confirmation, was distributing malware based on the ZeuS Trojan.

Vendors were doing their part to try to organise the industry's response to what has become a steady flow of malware. against several of its "most aggressive tool providers and spammers", while Adobe Systems released an open-source tool for classifying malware, and ARM joined Gemalto and Giesecke & Devrient to develop a common security standard for connected devices like tablets, smart TVs, games consoles and smartphones.

Some were questioning whether authorities should be looking into pre-installed antivirus "scams". The European Union's European Network and Information Security Agency (ENISA) offered a guide for improving security in cloud-computing contracts, while security vendor Sophos strengthened its capabilities with the purchase of mobile device management vendor Dialogs.

Mobiles could definitely use better management if the privacy violation masquerading as Girls Around Me, a new app that locates females in the vicinity, is any indication. Its makers copped criticism after the app's information sharing was slammed as a tool for stalking. US authorities were also homing in on Upromise, a university-savings site that was installing a browser toolbar on visitors' computers. The US-based Center for Democracy and Technology was also beating the privacy drum, warning that proposed US cyber security bills raised all kinds of civil-liberties concerns even as security bods gathered in Washington, D.C. to share the .

Follow @CSO_Australia and sign up to the CSO Australia newsletter.
