Tuesday, 1 December 2015

It’s a Vulnerable World: November 2015

November was a month filled with insecure phones, credit cards and websites of all kinds.

The big trend, however, was the growing threat of cybercrime to Africa and the Middle East. The BBC called cybercrime Africa’s “next big threat”; a FireEye report found that cybercrimes doubled in the Middle East, Africa and Turkey in the first half of 2015; and ACLU principal technologist Chris Soghoian argued, “We now find ourselves in not just a digital divide but a digital security divide. The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.”

With that in mind, we bring you November’s vulnerability roundup:

Android phones: Google is capable of unlocking all Android phones prior to Android 5.0 that utilize a pattern lock. Protect yourself by switching to a PIN, password or fingerprint lock.

Credit card numbers: Security researcher Samy Kamkar cracked the code to American Express credit cards, enabling him to predict future card numbers. “The day that card is cancelled, as soon it gets rejected, two seconds later I know what your new number and expiration date will be. If I were doing fraud, that would be pretty useful,” Kamkar said.

Linux-based operating systems: Ransomware Linux.Encoder.1 has been found to target Linux-based operating systems, demanding a one Bitcoin/$500 ransom. If there remains any uncertainty about the future of ransomware, a recent Intel Security report predicted it will be 2016’s greatest threat to cybersecurity.

Dating websites: In case Ashley Madison wasn’t evidence enough of the insecurity of dating websites, Tantan (the Tinder of China) was recently found guilty of not encrypting or otherwise protecting phone numbers, passwords, gender, sexual orientation, interests and hobbies listed on the website.

…And nearly all other websites: A study done at the University of Pennsylvania revealed that “nearly 9 in 10 websites leak user data to parties of which the user is likely unaware.” The data, in turn, is leaked to 9 domains on average.

…And software of all kinds: Zerodium, a broker of “zero day exploits” (hacker techniques), has brought attention to the hush-hush market by publishing a list of going rates. The price for cracking a browser such as Chrome, Internet Explorer, Tor, or Firefox is $30,000; for an Android or Windows phone, $100,000; and for an Apple iOS phone, $500,000. Zerodium’s customers, in turn, are corporations and government organizations.

Data collection: The data breach of children’s technology firm VTech compromised the information of 5 million parents and 200,000 children, including profile photos, audio files and chat logs, leaving many to wonder why there was so much information to steal. Mark Nunnikhoven of Trend Micro wisely advised, “Don’t collect data because it might be useful at some point. This opens the organizations up to unnecessary risk.”

As always, let us know if there are any vulnerabilities we missed in the comments below.

Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!
