Week in review: As new exploits emerge, surging breached-record count will explode in quantum future

Those of you thinking quantum computing is too far off to worry about, should spend a few minutes with an encryption engineer talking about the need for Post-Quantum Computing (PQC) algorithms. Without adopting a proactive defensive strategy now, you will soon realise, the data you’re encrypting today will be accessible by fast-evolving quantum computers within a decade.

Not that that will change anything for many companies, who are still being regularly ravaged as confidential information leaks – as in the case of a 200 million-record breach that is a reminder of the dangers of collecting too much data.

Even in Australia, the numbers are adding up. The latest quarterly review of Notifiable Data Breach (NDB) scheme activity showed that more than 10 million records were compromised in a single Australian breach – a major concern in a country of just 25 million.

Victoria’s Deakin University implemented a new ‘smarter SIEM’ that will both improve its network visibility and provide a user-friendly interface that will let network-security students learn their skills on a real, live network environment.

But data isn’t the only problem. New Intel CPU attacks were threatening to leak secrets thanks to a new CPU exploit called ZombieLoad.

Meanwhile, GCHQ’s NCSC identified a wormable bug so bad that Microsoft even took the extraordinary step of patching Windows XP – which it has not officially supported for years – to prevent an outbreak spreading through insecure legacy systems.

Social-engineering attacks continue to take their toll, adding insult to injury for a technology-using public that is still ignoring warnings about the security risks of free Wi-Fi.

Also posing security risks are a bunch of Cisco devices, which will need patching after researchers figured out how to break the company’s Secure Boot technology – yet the firmware patches won’t be available until November.

Apple’s latest iOS 12.3 version disabled support for Google’s Bluetooth Titan security key after it faced a security issue, while Extreme Networks was fighting back with machine learning-based security protection for Internet of Things (IoT) devices.

Copyright © 2019 IDG Communications, Inc.

The 10 most powerful cybersecurity companies