Zero Day Weekly: IRS blames Russia, a loose Moose, Megaupload malware

A collection of notable security news items for the week ending May 29, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Written by Violet Blue, Contributor

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending May 29, 2015. Covers enterprise, controversies, reports and more.

  • Security researchers have published proof-of-concept code for a major router vulnerability leveraging a popular driver to compromise millions of connected devices. Certain TP-LINK and Netgear devices are known to be vulnerable, but researchers believe devices from a range of manufacturers including IOGear, Western Digital, and ZyXEL are affected. For a full list of devices, check out the advisory.
  • Amid delivering better-than-expected third quarter earnings, Palo Alto Networks announced it is acquiring cybersecurity startup CirroSecure. Palo Alto Networks plans to use CirroSecure's resources to expand functionality on is own enterprise security platform for better guarding popular SaaS collaboration products from the likes of Salesforce.com, Google Drive, Box and Dropbox, among others.
  • China will prepare a five-year cybersecurity plan to protect state secrets and data, the official China Daily said on Thursday, citing a senior official of the Ministry of Industry and Information Technology. Such a plan could add to the challenges of foreign technology firms doing business in the world's second-largest economy, by prompting government agencies and companies to opt for domestically-made software.
  • The price of losing sensitive customer data is about to get a lot higher for Dutch companies: The upper house of the Dutch parliament has approved a new law that makes not declaring data breaches punishable with fines of up to €450,000. Whenever sensitive data is lost or stolen, companies now have to inform both the Dutch Data Protection Authority and those directly affected by the leak. Companies will have to give up information on the scale of the breach, the exact content lost, possible consequences, and what changes the company will make to prevent any future mishaps.
  • The NSA is testing gesture software for use as a possible replacement for passwords, and is looking at technology developed by Lockheed Martin called Mandrake Secure Gesture. Mandrake is computer software that features gesture recognition technology for use in user authentication and the encryption and decryption of digital files, including audio, video, text, binary, still images, graphics and multimedia files.
  • The director of the NSA said that encryption is not a bad thing - but that the authorities still need to be able to gain access to encrypted communications to protect the country's citizens. He added: "I certainly have great respect for those that would argue that they most important thing is to ensure the privacy of our citizens and we shouldn't allow any means for the government to access information. I would argue that's not in the nation's best long term interest, that we've got to create some structure that should enable us to do that mindful that it has to be done in a legal way and mindful that it shouldn't be something arbitrary."
  • Mozilla has included a feature in Firefox that can dramatically speed up web browsing, but you won't find it exposed as an official Firefox option. Instead, it's an experimental feature that must be manually toggled on. The privacy.trackingprotection.enabled setting is in about:config, which you can only reach after clicking past the stern "You might void your warranty!" warning. Ed Bott explains how it works, and asks, Is privacy protection impossible?
Editorial standards