Tuesday 2 February 2016

It's a Vulnerable World: January 2016

Vulnerabilities this past month popped up in the places we’d least expect: dental software, Blackphones, thermostats and even Twitter shortlinks, just to name a few. Take note of the risks below and take time to protect yourself:

Dental Software: Dentrix G5 has been proven to not live up to the industry-standard level of encryption that its advertising promised, leaving sensitive patient information insecure.

Hyatt Hotels: Malware compromised the payment card data at Hyatt hotel restaurants, spas, golf shops, parking, front desks and sales offices worldwide from August 13 to December 8, 2015. A list of locations affected can be found on Hyatt’s website.

Blackphones: Smart Circle’s Blackphone, the “private by design” smartphone, has a vulnerability of its own: an open socket was found to allow hackers to control functions such as texting, calling and altering the phone’s settings.

Phone calls: The MIKEY-SAKKE voice encryption protocol, promoted by the British government as a secure way to communicate, is in fact “motivated by the desire to allow undetectable and unauditable mass surveillance.” MIKEY-SAKKE supports key escrow, which gives the government the very backdoor into phone conversations it was looking for.

Argentina, Brazil, Ecuador and Venezuela: For the last seven years, hacker group Packrat has been targeting political opposition and the independent press in these South American countries with malware, phishing and disinformation. Even more disconcerting is the fact that the attacks are thought to be carried out by government actors.

Nuclear power: 20 countries, including Argentina, China, Egypt, Israel, Mexico and North Korea, completely lack government regulations regarding protection of atomic weapons or nuclear facilities against cyberattacks. According to former United States Senator Sam Nunn, “There was great progress for six or so years. But it has slowed down. It’s hard to keep this subject on the front burner.”

IoT thermostats: The Google-owned Nest Learning Thermostat was found guilty of leaking homeowners’ zip codes. Rest assured, the bug has since been fixed.

Medium in Malaysia: When Malaysia blocked the Sarawak Report in 2015, the investigative journalism news source turned to publishing its articles on Medium. Now, Malaysia has blocked all of publishing platform Medium, citing “false” reporting as the reason for doing so.

Twitter links: Choose your Twitter shortlinks carefully: disguised links to crashsafari.com have been circulating on the platform. Accidentally click on one of them and your iPhone or iPad will shut down immediately.

Surf secure and stay Rando!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

1 comment:

  1. Thanks for compiling this list! Need to know that Twitter one.
    Olivia at http://www.ampronix.com/