It’s a Vulnerable World: mid-September 2015

September’s vulnerabilities remind us that nothing—not your web camera, your email, your passwords and certainly not your coffee shop mobile web browsing—is safe anymore. Fortunately, SumRando Cybersecurity is here for you. The first 20 readers to email us at blog@sumrando.com will receive a stash of SumRando camJAMR webcam covers. Share these removable and reusable camera covers with your friends--trust us, they will thank you.

Is your camera covered? [Source: camJAMR]

Baby beware: Rapid7 has found a host of vulnerabilities, including those that leave camera streaming and settings exposed, in 9 different baby monitors.

Human error, one of cybersecurity’s greatest threats, was responsible for revealing the names and email addresses of nearly 800 recipients of an email newsletter, all registered at a London provider of HIV and sexual health services.

Adult Player proved that babies aren’t the only victims of camera hacking. The porn app doubled as picture-taking ransomware that demanded $500 in exchange for an unlocked phone.

United States courts required Microsoft to comply with a search warrant request for an email stored on a server in Ireland. Microsoft lawyer Joshua Rosenkranz said it well: “We would go crazy if China did this to us.”

China has taken measures to block Astrill, a VPN service widely used to circumvent the country’s Great Firewall, leaving many to wonder what next? 

Anonymous Africa claimed responsibility for Distributed Denial of Service (DDoS) attacks that shut down the Zimbabwe Herald and Africa Global’s news site. A tweet from Anonymous Africa declared the former an act of retaliation against the Herald’s support of “tyrant and murderer Mugabe.”

An Avast study found that internet users in Asia were more likely to use unprotected Wi-Fi than those in Europe or the United States and that nearly half of web browsing in Asia occurs on unprotected HTTP sites. Users worldwide rely on unsecured HTTP sites for mobile browsing.

KPMG’s Global CEO Outlook 2015 reported that 50% of CEOs surveyed feel their companies are either not prepared or partially prepared for a major cybersecurity event. The study also found that American CEOs are more confident in their capacities to prevent cyberattacks than those in Asia or Europe. 

Google, Mozilla and Microsoft will remove vulnerable RC4 encryption in early 2016, which means users’ messages will remain decryptable for a few more months.

The Ashley Madison debacle just got worse: the amateurs of Cynosure Prime managed to decode 11 million weakly-protected passwords from the site in just 11 days.

Senator Schumer believes there is work to be done.

In response to the recently acknowledged Excellus Blue Cross Blue Shield data breach, US Senator Charles Schumer pointed out, “The fact that this data breach was not discovered for 19 months just goes to show how sophisticated online hackers are and how much work we have to do when it comes to protecting our personal information.”

As always, let us know if there are any vulnerabilities we missed in the comments below.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!