Zero Day: Home Depot liability, Microsoft vs Google, endpoint risk in focus, DHS cyberfail

A collection of notable security news items for the week ending January 16, 2015. Covers enterprise, controversies, reports and more.
Written by Violet Blue, Contributor
zero day weekly

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending January 16, 2015. Covers enterprise, controversies, reports and more.

This week DHS failed in a cybersecurity overview, Google stopped security updates for nearly one billion users, Microsoft had a very unusual first Patch Tuesday of 2015, President Obama made cybersecurity moves, the Home Depot breach liability court battle lawsuit begins, and more.

  • Assessing DHS cybersecurity performance 12 years after its creation, a new Federal report called "A Review of the Department of Homeland Security's Missions and Performance" contains a blistering summary on the state of DHS cybersecurity. The report concludes that DHS's cybersecurity practices and programs are so bad, the DHS fails at even the basics of computer security and is "unlikely" able to protect both citizens and government from attacks.
  • After CES 2015, AT&T predicts that BYOD will hit an 'inflection point' in 2015, as security for connected devices could possibly weigh heaviest on telecommunications providers going into 2015. "In 2014, it was a topic starting to hit areas of concern, but we're ready to take off in terms of proliferation of Bring-Your-Own-Device," reflected AT&T's Andy Daudelin, vice president of security services for AT&T's Mobile Business Solutions team. "This is where destructive malware really becomes an issue."
  • Newly-discovered "Skeleton Key" malware is able to circumvent authentication on Active Directory systems, according to Dell researchers. The Dell SecureWorks Counter Threat Unit (CTU) team published their findings in an advisory notice this week. The team said attackers can use a password of their choosing to authenticate as any user -- before diving into the network and doing as they please.
  • For Microsoft's first Patch Tuesday of 2015, "the company released a total of eight new security updates (one rated Critical, the other seven rated Important) for Windows desktop and server editions. In addition, the company released an update to an Internet Explorer patch from last month and an update for the Adobe Flash Player component built into Internet Explorer 11." Ed Bott explains, "But this batch of patches is strikingly different from its predecessors in two respects."
  • Microsoft slammed Google this week for spilling the beans on Windows 8.1 security flaw. Charlie Osbourne details in her report, "The Redmond giant isn't exactly chipper after Google disclosed a Windows bug just two days before Microsoft planned to issue a fix."
  • John McAfee, the anti-virus pioneer, says he knows who is behind the attack on Sony Pictures and while he won't identify the group, guarantees it is not North Korea. Mr. McAfee claims to have been in contact with the group of hackers behind the devastating cyber-attack against Sony Pictures.
  • Home Depot court battle over data breach liability begins in Atlanta today: At least 44 lawsuits have been filed against The Home Depot since the home improvement giant confirmed its data breach last September. More than 30 of these have been consolidated into one court action which will be fought out in U.S. District Court for the Northern District of Georgia in Atlanta.
  • British Prime Minister David Cameron is taking his UK government campaign against encrypted communication to the White House. During a White House dinner Thursday and confab with President Obama Friday, Cameron is expected to press Obama to more publicly denounce the heightened encryption recently adopted by major tech companies like Facebook, Apple and Google.
Editorial standards