Sunday, 2 August 2015

It’s a Vulnerable World: July 2015

Oh, the wonderful things hackers can do, especially when we let them. July 2015 has been a month of vulnerabilities, insecurities and computer malfunctions:

[Image: Yuri Samoilov]
July kicked off with the announcement that PandaLabs had detected more than 225,000 new malware strains every day from January to March 2015, a 40% increase over 2014’s Q1. The multinational security lab did not have specific numbers regarding Africa, but reported, “It is safe to say that Africa has a high rate of infection, but a low targeted rate of attacks. One of the most common forms of malware currently being distributed is ransomware…Unfortunately the number of victims paying the ransom is growing and this is primarily due to the lack of backups and efficient backup procedures in Africa.”

July 8 proved to be a day of glitches in which separate computer malfunctions brought the New York Stock Exchange to a halt and grounded United Airlines flights. In both incidents, computers—not hackers—have been held accountable.

Security researchers Charlie Miller and Chris Valasek successfully hacked the controls of a Jeep Cherokee in motion, and estimated another 471,000 vehicles are vulnerable to such an attack. Fiat Chrysler initially responded with a software update, but followed up in late July with a recall of 1.4 million vehicles. WIRED’s report on the hackable Jeep later snowballed into similar reports of vulnerabilities with General Motors’ OnStar system, satellites and even sniper rifles.

The United States Federal Trade Commission filed a complaint on July 21 against LifeLock and accused the company of “continuing to make deceptive claims about its identity theft protection services” and “failing to take steps required to protect its users’ data.” The claim is especially worrisome given that LifeLock collects sensitive personal data including social security, credit card and bank account numbers.

[Image: Anthony Quintano]
Flyer beware: Dell reminded travelers that in-flight Wi-Fi is as insecure as any other public Wi-Fi.

HP Fortify released a study that revealed ten top smartwatches have significant security vulnerabilities, including insufficient authentication; lack of encryption; insecure interfaces, software and firmware; and privacy concerns. The study asked “whether smartwatches are designed to store and protect the sensitive data and tasks for which they are built.”

Elastica Cloud Threat Labs discovered phishing web pages on Google Drive and suggested Google’s Single Sign On (SSO) procedures for multiple services make it attractive to hackers. The report concludes, “While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model, and necessitating a modern, flexible security stack designed to account for its borderless perimeter.”

If we've missed any July vulnerabilities, let us know in the comments below. Surf secure and stay Rando!
