Tuesday, 3 May 2016

It’s a Vulnerable World: April 2016

If 2015 was the year the world became aware of just how dangerous cyber breaches can be, this past month proved that there is still work to be done in terms of prevention. Not only did an attack in the Philippines make last year’s OPM breach of 20 million personal records look like a minor leak, but governments have continued to fight against the one technology that keeps us all safe: encryption.

Philippine voters: If you thought the data breach of the United States Office of Personnel Management was bad, now there has been an attack more than twice its size: the personal information of 55 million registered voters in the Philippines was leaked in a recent hack of the Philippine Commission on Elections database.

China’s Great Firewall: Even the father of China’s Firewall knows that sometimes the best form of censorship is no censorship at all: during a recent talk at Harbin Institute of Technology, Fang Binxing turned to a VPN to access a website that otherwise would have been inaccessible.

WhatsApp spam filters and antivirus protection: WhatsApp just became more secure with the addition of end-to-end encryption. However, this added layer of protection also means that no filter will be available to stop spam messages or malicious links from landing in your inbox.

Blackberry Messenger: Vice News recently reported that Canada’s federal government accessed more than one million encrypted BlackBerry messages during a 2010-2012 investigation. What remains unclear is whether the master encryption key has since been changed, and to what extent the Canadian government continues to intercept messages.

Internet of Things: Beware of the latest advancements in cars, refrigerators and thermostats: Massachusetts Institute of Technology’s Stuart Madnick warned that the Internet of Things has grown no safer, despite its burgeoning popularity: “Part of the issue is the IoTs are so new, and there are so many challenges for the good guys in terms of trying to get them to work at all, that thinking really hard about cybersecurity is extremely difficult to factor into that.”

Kenyan government: Hacktivist group Anonymous has leaked data, including sensitive emails and letters, from the Kenyan Ministry of Foreign Affairs database. The act is a form of protest against the Kenyan government’s “corruption, child abuse and child labor.”

Corporate offices: First there was phishing and now there is whaling. Increasingly, hackers are posing as corporate executives in order to ask employees to transfer money and send secure documents. Steve Malone of Mimecast reported on just how hard these threats are to detect: “There’s no way to spy that as bad. The content is human-written so a spam filter won’t pick it up and it’s hard to detect because there are no links or attachments.”

Hospital health records: Electronic health records have become yet another target for ransomware, largely because hospitals frequently lack the financial resources and cyber-awareness needed to guard against such attacks.

United States government employees: Not only did the FBI successfully unlock the much-scrutinized San Bernardino iPhone without Apple’s help, but Chinese hackers thanked the bureau for doing so. Fruit baskets, flowers and chocolates were delivered to United States government employees out of gratitude for making the world less secure: “Actually, the baskets and flowers that are coming into the office, those are pretty nice. I mean, yeah, what they symbolize is not great, but say what you will about semi-state-sanctioned hacking outfits in China, they really do have excellent taste in gift baskets. It’s the baskets that came directly to my house that were addressed to my wife and kids. Those were creepy, especially because they were so on point,” reported one gift recipient.

Encryption: A discussion draft of the United States’ Compliance with Court Orders Act of 2016 argues that, “To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data.” In other words, if this Feinstein-Burr bill passes, companies will be required to break their own encryption.

Surf secure and stay Rando!




SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider.
