Thursday, 1 October 2015

It’s a Vulnerable World: late-September 2015

What’s not safe online? Just mobile payments, phone and text records, email, software, apps, passwords and websites. Oh, and whatever you do: don’t click on that link for the Facebook dislike button.

Taking dislike to a new level: the fake Facebook button.
It didn’t take long for scammers to take advantage of murmurs of a Facebook dislike button: already circulating is a fake button with a tantalizing link to click on. In the wise words of one expert, “If an offer requires you to share or send it, before even showing you what it is, then it’s probably fake.”

The numbers are in: only 23% of cybersecurity experts believe mobile payments can securely protect your personal information and 87% believe mobile payment data breaches will increase in the next year. The use of public Wi-Fi was found to be the greatest threat to mobile payment security.

When journalist Natalie O’Brien exposed security vulnerabilities in Vodafone Australia’s Siebel data system, the company responded by searching her phone and text records for her sources and then denied any wrongdoing. Yes, Big Brother is watching us.

Cybersecurity pioneer and United States presidential candidate John McAfee reminded us that one thing is more powerful than an anti-phone-tapping blocker: human error. An alleged butt dial exposed his private conversation to the press. 

In case United States citizens were looking for more reasons to worry, we’ve found them: recent reports revealed security weaknesses in the national health insurance marketplace HealthCare.gov; a government task force’s exploration of the possibility of inserting spyware on targeted phones via software updates; and the fact that government email, including that of the military and intelligence, remains insecure.

What will they think of next? In an attempt to circumvent U.S. regulations, Volkswagen installed software on 11 million vehicles that switched on to pass emissions testing and then off to enable high-polluting, powerful driving. 

[Source: Wikimedia]
If you are the typical internet user, you have 24 different online accounts and should have a unique, complex, ever-changing-yet-memorized password for each. Not the case? You’re not alone. WIRED recommends adding an additional layer of security, such as two-factor authentication. 

Lending further evidence to the argument that even Apple cannot guarantee security, the iOS App Store has suffered an attack on hundreds of legitimate apps at the hands of the malicious XcodeGhost. Expert Ryan Olson warned, “Developers are now a huge target.”

CEOs, beware: A recently discovered authentication bypass vulnerability in SAP AG’s Afaria mobile management system for businesses makes it possible for hackers to wipe clean or steal activity logs from employee phones.

A recent Citizen Lab study found yet another reason to not support South Korea’s mandated monitoring apps on minors’ cell phones: a host of vulnerabilities in the government-funded Smart Sheriff app include the easy interception of minors’ personally identifiable information and account credentials.

As always, let us know if there are any vulnerabilities we missed in the comments below. Surf secure and stay Rando!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.
