
Tuesday, 3 May 2016

It’s a Vulnerable World: April 2016

If 2015 was the year the world became aware of just how dangerous cyber breaches can be, this past month proved that there is still work to be done in terms of prevention. Not only did an attack in the Philippines make last year’s OPM breach of 20 million personal records look like a minor leak, but governments have continued to fight against the one technology that keeps us all safe: encryption.

Philippine voters: If you thought the data breach of the United States Office of Personnel Management was bad, now there has been an attack more than twice its size: the personal information of 55 million registered voters in the Philippines was leaked in a recent hack of the Philippine Commission on Elections database.

China’s Great Firewall: Even the father of China’s Firewall knows that sometimes the best form of censorship is no censorship at all: during a recent talk at Harbin Institute of Technology, Fang Binxing turned to a VPN to access a website that otherwise would have been inaccessible.

WhatsApp spam filters and antivirus protection: WhatsApp just became more secure with the addition of end-to-end encryption. The flip side of this added protection is that WhatsApp’s servers can no longer read message contents, so they cannot filter spam or malicious links before they land in your inbox; any such filtering now has to happen on the device itself.

Blackberry Messenger: Vice News recently reported that Canada’s federal government accessed more than one million encrypted BlackBerry messages during a 2010-2012 investigation. What remains unclear is whether the master encryption key has since been changed, and to what extent the Canadian government continues to intercept messages.

Internet of Things: Beware of the latest advancements in cars, refrigerators and thermostats: Massachusetts Institute of Technology’s Stuart Madnick warned that the Internet of Things has grown no safer, despite its burgeoning popularity: “Part of the issue is the IoTs are so new, and there are so many challenges for the good guys in terms of trying to get them to work at all, that thinking really hard about cybersecurity is extremely difficult to factor into that.”

Kenyan government: Hacktivist group Anonymous has leaked data, including sensitive emails and letters, from the Kenyan Ministry of Foreign Affairs database. The act is a form of protest against the Kenyan government’s “corruption, child abuse and child labor."

Corporate offices: First there was phishing and now there is whaling. Increasingly, attackers pose as corporate executives in order to ask employees to transfer money and send confidential documents. Steve Malone of Mimecast reported on just how hard these threats are to detect: “There’s no way to spy that as bad. The content is human-written so a spam filter won’t pick it up and it’s hard to detect because there are no links or attachments.”

Hospital health records: Electronic health records have become yet another target for ransomware, largely because hospitals frequently lack the financial resources and cyber-awareness needed to guard against such attacks.

United States government employees: Not only did the FBI successfully unlock the much-scrutinized San Bernardino iPhone without Apple’s help, but Chinese hackers thanked the bureau for doing so. Fruit baskets, flowers and chocolates were delivered to United States government employees out of gratitude for making the world less secure: “Actually, the baskets and flowers that are coming into the office, those are pretty nice. I mean, yeah, what they symbolize is not great, but say what you will about semi-state-sanctioned hacking outfits in China, they really do have excellent taste in gift baskets. It’s the baskets that came directly to my house that were addressed to my wife and kids. Those were creepy, especially because they were so on point,” reported one gift recipient.

Encryption: A discussion draft of the United States’ Compliance with Court Orders Act of 2016 argues that, “To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data.” In other words, if this Feinstein-Burr bill passes, companies will be required to break their own encryption.

Surf secure and stay Rando!




Want to know more about previous security vulnerabilities? Read on!
SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider.

Wednesday, 27 April 2016

It’s a Vulnerable World: Panama Papers Edition

April 2016 kicked off with the largest data leak in history: 11.5 million documents from the database of offshore Panamanian law firm Mossack Fonseca. These “Panama Papers” have since disclosed the many ways wealthy individuals from around the world hide money and evade taxes, both legally and illegally.


In the last month, politicians have stepped down, newspaper editors have been fired and countless investigations have begun. As we wait to see exactly what comes of the Panama Papers, what’s clear is that the leak has already shed much-needed light on many behind-the-scenes practices.

Because of the Panama Papers, concerns have been raised, voices have been heard and action has been taken:

  • In Pakistan, opposition politician Imran Khan has responded to the Panama Papers leak by demanding a more thorough investigation of the role played by Prime Minister Nawaz Sharif and his children, who were cited as owning three offshore holding companies. Sharif stands by his innocence and has agreed to step down if a Supreme Court commission finds any wrongdoing. The government, in turn, questions the motives of those protesting Sharif: “Imran is just really desperate for any kind of shortcut to becoming prime minister and with these leaks he thinks he’s hit the jackpot,” critiqued a Pakistani minister.
  • Ecuadorian President Rafael Correa boasted in a tweet, “They spent almost a year looking for something against the Ecuadorian government and found nothing”—only to shortly thereafter learn that the Papers do in fact reference a 2012 investigation that involved both Correa and his brother, Fabricio. A presidential adviser has since refuted the claim: “The president is a very honest person. This is all absolutely false. And he’s not involved in any offshore company directly or indirectly.”
  • In Iceland, Prime Minister Sigmundur David Gunnlaugsson did not resign, but did step aside indefinitely in response to revelations of a private offshore company set up by him and his wife. More recently, Icelandic President Olafur Ragnar Grimsson has been found to have an offshore account, despite his claims otherwise.
  • In Kazakhstan, President Nursultan Nazarbayev and his family have been implicated by the Panama Papers, but the general prosecutor has decided not to pursue an investigation, claiming a lack of “reliable information.” 
  • Approximately 500 well-known Indians have been cited in the Panama Papers. Some, like actress Aishwarya Rai Bachchan, question the legitimacy of the report but are willing to comply with the ensuing investigation. For others, judgement day has already arrived: India issued a warrant for the arrest of ex-billionaire businessman Vijay Mallya and then revoked his passport as well.
  • In Hong Kong, the Panama Papers have only revealed how precarious the state of free speech is. Ming Pao chief editor Keung Kwok-yuen was fired following his decision to feature Panama Paper information on the newspaper’s front page. The paper maintains the decision was merely in the interest of saving costs.
  • Jose Manuel Soria, Spain’s minister of industry, energy and tourism, resigned once information was revealed linking him to a Jersey-based offshore company. He has not been officially charged with a crime.

SumRando applauds the transparency and dialogue brought by the Panama Papers, especially for those countries whose concerns too often remain unsaid and unchecked.



Want the latest freedom of speech and cybersecurity news from around the world? Read on!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday, 6 April 2016

It’s a Vulnerable World: March 2016

Android phones, iPhones, public Wi-Fi, oh my! Is anything safe anymore? March’s vulnerabilities have us convinced that it’s always the right time for a VPN and secure messaging:

Android phones: Not only have recent reports revealed that only 10% of Android phones are encrypted (as compared to 95% of iPhones), Kaspersky Lab has found Android operating systems 4.4.4 and earlier to be at risk for a “Triada” of malware: Ztorg, Gorpo and Leech. Nikita Buchka referred to the malware as “a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices.” Triada has the ability to download, install, launch and modify applications.

iPhone encryption: Johns Hopkins researchers found a way to decrypt photos and videos sent via iMessage, a vulnerability that has since been patched with the release of iOS 9.3. The flaw that remains unfixed, however, is the vulnerability used by the FBI to break into San Bernardino shooter Syed Farook’s phone. Given that we can’t fix what we don’t know, this is one FBI secret that leaves us all less secure.

In-Flight Wi-Fi: Journalist Steven Petrow recently took advantage of American Airlines’ Gogo in-flight Internet to catch up on work while in the air, only to find that he was the one taken advantage of: following the flight, a fellow passenger confessed to hacking into and viewing the online communications of Petrow and several others on board. For Petrow, it was a lesson learned in always using a VPN when accessing public Wi-Fi.

The Right to Be Forgotten: Europe’s Right to Be Forgotten has been extended to all Google searches within the continent, but remains no match for searches conducted while connected to a non-European VPN server, as the protection does not extend elsewhere. In response, France’s CNIL, a privacy authority, fined Google 100,000 euros: “For people residing in France to effectively exercise their right to be delisted, it must be applied to the entire processing operation, i.e., to all of the search engine’s extensions.”

Latin America and the Caribbean:
“Cybersecurity: Are We Ready in Latin America and the Caribbean?”, a study by the Inter-American Development Bank, the Organization of American States and Oxford University, has answered its own question with a resounding no. Of the 32 countries evaluated, only 7—Argentina, Brazil, Chile, Colombia, Mexico, Trinidad and Tobago and Uruguay—have reached even an intermediate level of preparation against cyberattacks, while 16 entirely lack a coordinated capacity to respond to cyberattacks.

Social Media in Turkey: Facebook, Twitter and other social media sites were banned in Turkey following a mid-March Ankara bombing that killed 37 people, but this is one country that has grown accustomed to finding workarounds for government censorship: Suraj Sharma tweeted, “Having to use a VPN again to access Twitter and other social media. Sad, very sad. Information doesn’t kill, never has. #Turkey.”

Social Media in Iran: In Iran, Facebook and Twitter are banned…except for when they’re not. “Of course officials, even lower-ranking ones, use VPNs. A friend of mine, who works in the Iranian parliament, told me that he had seen members of parliament use VPNs to access social networks and forbidden news sites. It’s crazy. These are the very same lawmakers who voted to ban social networks and decided on the penalties for using VPNs,” reported Iranian cybersecurity specialist Amin Sabeti. For everyone else, illegal internet access is punishable by up to a year in prison.

Women on dating websites: 11 South Africa-based Nigerians were arrested for involvement in an operation targeting divorced and widowed women, aged 40-60, on sites such as Match.com and pof.com. The ruse involved a “United States soldier” who, following months of online courtship, would ask for money to cover a medical emergency. Before being shut down, the operation collected over 70 million South African rand.

Motor vehicles: The United States FBI and National Highway Traffic Safety Administration recently reminded car owners that their vehicles are only growing “increasingly vulnerable” to attack: “Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.” Meanwhile, German researchers have their own concerns to share, specifically with ease of breaking into vehicles with keyless entry.

Healthcare.gov: The health insurance web portal for Americans without workplace coverage experienced 316 cybersecurity incidents between October 2013 and March 2015. Although to date no sensitive information has been leaked, Healthcare.gov remains vulnerable to attack.

Everyone!: Not only are we surveilled in our daily lives, that surveillance is so readily accessible that it has found its way into the art of Dries Depoorter. The Belgian artist’s exhibits include footage of Canadian jaywalkers, the recordings of American traffic cameras and side-by-side comparisons of Tinder and LinkedIn photos.

Surf secure and stay Rando!



Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider.

Monday, 29 February 2016

It's a Vulnerable World: February 2016

Another month, another onslaught of Internet insecurities. The big news in February was the ongoing battle between Apple and the United States Federal Bureau of Investigation (FBI), but this short month also brought reports of vulnerabilities for airports, social media, faces and more:

Airport Wi-Fi: In an effort to demonstrate the danger of public Wi-Fi, Avast Software set up 3 fake Wi-Fi networks next to the Mobile World Congress registration booth at the Barcelona Airport. In 4 hours, Avast had the data of over 2,000 conference attendees. Gagan Singh of Avast advised, “With most Mobile World Congress visitors traveling from abroad, it’s not surprising to see that many opt to connect to free Wi-Fi in order to save money, instead of using data roaming services. When taking this route, people should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.”

Facebook Users and Non-Users: CNIL, the French data protection authority, has found Facebook guilty of collecting the information of non-users who visit public Facebook pages as well as collecting the sexual orientation and religious and political views of users without their explicit consent. CNIL has given Facebook 3 months to comply with the French Data Protection Act. If only the rest of the world were similarly looked after…

African Corporations and Governments: Hacktivist group Anonymous has targeted Rwanda, Uganda, South Africa, Zimbabwe, Tanzania, Sudan, South Sudan and Ethiopia in its latest attack on child abuse, child labor and internet censorship: “The focus of [Operation Africa] is a disassembly of corporations and governments that enable and perpetuate corruption on the African continent.”

Power Grids: Evidence has confirmed that a December blackout in Ukraine was in fact caused by a cyberattack. According to United States officials, such an attack is far from limited to the Eastern European nation, as power grids in countries such as the U.S. are no more secure.

Gmail: The security hasn’t changed, but it has become a bit more visible. Gmail recently added a red open-padlock icon to any message that was not encrypted in transit, i.e. one that the sending server handed over without TLS. Note that this is transport encryption between mail servers only: the sender’s provider and Google still handle the message in the clear, and the icon says nothing about who actually sent it. Look for it: you may be surprised to discover how many insecure emails land in your inbox.

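As an added illustration, not part of the original post, the following Python reads the Received: headers of a message and reports which hops were delivered over TLS, which is essentially what the new Gmail indicator summarizes. The headers are constructed sample data, and the host names, the `trusted_receivers` set and the helper functions are this example’s own assumptions. Only the Received: lines written by a mail server you control can be trusted: everything earlier in the chain is text the sender (or an attacker) can write freely.

```python
import re

# Constructed sample message headers (not from a real mailbox). The newest hop
# arrived over an encrypted ESMTPS session; the older hop used plaintext SMTP.
SAMPLE_HEADERS = """\
Received: from mx.example.com (mx.example.com [198.51.100.7])
        by mail.recipient.example with ESMTPS id k12si34567
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 1 Mar 2016 09:12:44 -0800 (PST)
Received: from newsletter.example.org (newsletter.example.org [203.0.113.21])
        by mx.example.com with SMTP id 8jq7k02
        for <alice@recipient.example>; Tue, 1 Mar 2016 09:12:40 -0800 (PST)
From: news@example.org
Subject: March roundup
"""

# RFC 3848 "with" protocol keywords that imply a TLS-protected session.
TLS_PROTOCOLS = {"SMTPS", "ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}


def unfold_headers(raw):
    """Join RFC 5322 folded continuation lines (leading whitespace) onto their header."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_received(raw):
    """Return one dict per Received: header, in header order (newest hop first)."""
    hops = []
    for line in unfold_headers(raw):
        if not line.lower().startswith("received:"):
            continue
        body = line[len("received:"):].strip()
        m_from = re.search(r"\bfrom\s+(\S+)", body)
        m_by = re.search(r"\bby\s+(\S+)", body)
        m_with = re.search(r"\bwith\s+(\S+)", body)
        m_tls = re.search(r"version=(TLS[^\s)]+)", body)  # Postfix/Gmail-style comment
        proto = m_with.group(1) if m_with else ""
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "with": proto,
            "tls_version": m_tls.group(1) if m_tls else None,
            "encrypted": proto.upper() in TLS_PROTOCOLS or m_tls is not None,
        })
    return hops


def transport_was_encrypted(raw, trusted_receivers):
    """Report whether every hop used TLS, and separately whether the hop(s) logged
    by our own MX did. Only headers added by servers we operate are trustworthy;
    a sender can forge any Received: line that precedes them."""
    hops = parse_received(raw)
    all_hops = all(h["encrypted"] for h in hops) if hops else False
    own = [h for h in hops if h["by"] in trusted_receivers]
    own_hops = all(h["encrypted"] for h in own) if own else False
    return {"hops": hops, "all_encrypted": all_hops, "own_hop_encrypted": own_hops}


if __name__ == "__main__":
    report = transport_was_encrypted(SAMPLE_HEADERS, {"mail.recipient.example"})
    for hop in report["hops"]:
        print("{from} -> {by}: {with} encrypted={encrypted}".format(**hop))
    print("all hops encrypted:", report["all_encrypted"])
    print("our own hop encrypted:", report["own_hop_encrypted"])
```

In the sample the final delivery to `mail.recipient.example` was protected, which is the hop a Gmail-style indicator reports on, while the earlier hop between the newsletter sender and its relay was not; an indicator on your own mailbox cannot see that earlier gap.
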
Social Media: February 18 brought not only elections, but also a shutdown of Facebook, Twitter and WhatsApp in Uganda, which was written off as a “security measure.” In response, a reported 1.5 million VPN downloads were used to access these valuable platforms on election day.

The Internet of Things: United States intelligence chief James Clapper is aware of the vulnerabilities found in IoT devices such as cars, appliances and power grids, but appears to view them in a positive light: “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Hospital Computer Systems: Vulnerabilities were found this month on both coasts of the United States. Ransomware forced the computers of a California hospital offline until the demanded $17,000 was paid, and security researchers revealed the medical devices at a dozen Baltimore and Washington, DC hospitals to be vulnerable to attack.

Your Face: Artists Adam Broomberg and Oliver Chanarin have created portraits of over 100 Russians with Vocord FaceControl 3-D, a camera surveillance system. When utilized as intended, the cameras collect and identify the faces of passersby in crowded entrances to stadiums and train stations.

Surf secure, stay Rando and check out our Leap Year special: 12 months of SumRando Platinum VPN (unlimited data) for only $29 USD!




Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.

Tuesday, 2 February 2016

It's a Vulnerable World: January 2016

Vulnerabilities this past month popped up in the places we’d least expect: dental software, Blackphones, thermostats and even Twitter shortlinks, just to name a few. Take note of the risks below and take time to protect yourself:

Dental Software: Dentrix G5 has been proven to not live up to the industry-standard level of encryption that its advertising promised, leaving sensitive patient information insecure.
Hyatt Hotels: Malware compromised the payment card data at Hyatt hotel restaurants, spas, golf shops, parking, front desks and sales offices worldwide from August 13 to December 8, 2015. A list of locations affected can be found on Hyatt’s website.

Blackphones: Silent Circle’s Blackphone, the “private by design” smartphone, has a vulnerability of its own: an open socket was found to allow attackers to control functions such as texting, calling and altering the phone’s settings.

Phone calls: The MIKEY-SAKKE voice encryption protocol, promoted by the British government as a secure way to communicate, is in fact “motivated by the desire to allow undetectable and unauditable mass surveillance.” MIKEY-SAKKE supports key escrow, which gives the government the very backdoor into phone conversations it was looking for.

Argentina, Brazil, Ecuador and Venezuela: For the last seven years, hacker group Packrat has been targeting political opposition and the independent press in these South American countries with malware, phishing and disinformation. Even more disconcerting is the fact that the attacks are thought to be carried out by government actors.

Nuclear power: 20 countries, including Argentina, China, Egypt, Israel, Mexico and North Korea, completely lack government regulations regarding protection of atomic weapons or nuclear facilities against cyberattacks. According to former United States Senator Sam Nunn, “There was great progress for six or so years. But it has slowed down. It’s hard to keep this subject on the front burner.”

IoT thermostats: The Google-owned Nest Learning Thermostat was found guilty of leaking homeowners’ zip codes. Rest assured, the bug has since been fixed.

Medium in Malaysia:
When Malaysia blocked the Sarawak Report in 2015, the investigative journalism news source turned to publishing its articles on Medium. Now, Malaysia has blocked all of publishing platform Medium, citing “false” reporting as the reason for doing so.

Twitter links: Choose your Twitter shortlinks carefully: disguised links to crashsafari.com have been circulating the platform. Accidentally click on one of them and your iPhone or iPad will shut down immediately.

Surf secure and stay Rando!




Want to know more about previous security vulnerabilities? Read on!
 
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Monday, 4 January 2016

It’s a Vulnerable World: December 2015


For many, January means a fresh start, but December’s Internet insecurities are far from over. 2015 rounded out with threats to nearly every facet of everyday life, including the basic acts of using a credit card, logging onto a computer and accessing a favorite website. At risk are:
Windows Users: Users who log in to Windows 10 via a Microsoft account (i.e. most users) unknowingly upload a copy of their disk encryption recovery key to Microsoft’s servers, which can be used to access information that would otherwise be protected by encryption. In the words of cryptography professor Matthew Green, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”
Android Devices: Symantec recently discovered Android.Spywaller, malware pretending to be a well-known Chinese antivirus app that actually steals information from infected Android devices.

Outdated Hashing Lacking “Salt”: 3.3 million user accounts were leaked from Hello Kitty-owner Sanrio’s database. Much remains unknown about the data breach, but one thing is clear: the compromised passwords were stored as plain SHA-1 hashes, a now-deprecated algorithm, and without a per-user “salt”. Without a salt, every user who chose the same password ends up with the same hash, so a single precomputed table of hashed guesses cracks all of them at once.
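To show why the unsalted SHA-1 storage described here matters, here is an added Python example (not from the original post, and not Sanrio’s code) that contrasts the legacy scheme with salted, iterated PBKDF2-HMAC-SHA256 from the standard library. The user records and wordlist are constructed, and `legacy_sha1`, `crack_with_table`, `hash_password`, `verify_password` and the storage format are this example’s own choices.

```python
import hashlib
import hmac
import os

# Constructed user records (not real breach data): two accounts share a weak password.
USERS = {
    "alice": "hellokitty",
    "bob": "hellokitty",
    "carol": "correct horse battery staple",
}

ITERATIONS = 200_000  # raise over time as hardware gets faster


def legacy_sha1(password):
    """The scheme described in the article: one unsalted SHA-1 digest.
    Identical passwords produce identical digests, and the digest of any
    guess can be computed once and reused against every account."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_with_table(digests, wordlist):
    """Dictionary attack on unsalted hashes: hash each candidate a single time,
    then look every stored digest up in the resulting table."""
    table = {legacy_sha1(word): word for word in wordlist}
    return {user: table.get(digest) for user, digest in digests.items()}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated PBKDF2-HMAC-SHA256. The random per-user salt makes
    precomputed tables useless; the iteration count makes each guess costly.
    Stored as 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme: " + scheme)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest does not short-circuit on the first differing byte
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    legacy = {user: legacy_sha1(pw) for user, pw in USERS.items()}
    print("unsalted SHA-1, alice == bob:", legacy["alice"] == legacy["bob"])
    print("cracked:", crack_with_table(legacy, ["password", "hellokitty", "123456"]))
    stored = {user: hash_password(pw) for user, pw in USERS.items()}
    print("salted, alice == bob:", stored["alice"] == stored["bob"])
    print("verify alice:", verify_password("hellokitty", stored["alice"]))
```

With the salted scheme the two identical passwords hash to different strings, so an attacker must run the full PBKDF2 work per guess per user instead of once per guess for the whole database.
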

International Officials: Private data including names, phone numbers, usernames, email addresses and secret questions and answers of over 1,400 officials at the UN’s Paris climate talks were made public by hacktivist movement Anonymous. The leak was in response to the arrest of approximately 100 protesters on November 29. Weak encryption was found to be at least partially to blame.

German and Turkish Banking: Security researcher Karsten Nohl found flaws that compromise personal identification number (PIN) codes, transactions and funds in German retail payment systems. In Turkey, a two-week attack thought to be carried out by Anonymous repeatedly disrupted credit card transactions and banks in general.

Internet of Things:
A study of 4,000 IoT devices from 70 different manufacturers revealed only 580 unique keys, the result of sharing, leaking and/or stealing code. Motherboard summarized the situation well: “Imagine an apartment building of 4,000 rooms but with only 580 different locks; the odds would be pretty good that your neighbor and you share the same front-door key. It’s a bit unsettling.” These static keys most affect devices in the United States, Mexico and Brazil.

Mobile Apps: Wandera revealed that 16 travel and leisure companies, collectively serving 500,000 users per day, had failed to use the encryption necessary to protect credit card information when submitted via a mobile app or website. To date, only easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus, Air Canada and SISTIC have remedied the issue.

World Wide Web: Malvertising, when hackers buy ad space on otherwise trustworthy websites, became increasingly common in 2015. By taking advantage of computer vulnerabilities, hackers only need users to open a website in order to steal financial information or lock files in exchange for ransom.
As always, let us know if there are any vulnerabilities we missed in the comments below.




Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday, 1 December 2015

It’s a Vulnerable World: November 2015

November was a month filled with insecure phones, credit cards and websites of all kinds.

The big trend, however, was the growing threat of cybercrime to Africa and the Middle East. The BBC called cybercrime Africa’s “next big threat”; a Fire Eye report found that cybercrimes doubled in the Middle East, Africa and Turkey in the first half of 2015; and ACLU principal technologist, Chris Soghoian, argued, “We now find ourselves in not just a digital divide but a digital security divide. The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.”

With that in mind, we bring you November’s vulnerability roundup:
Android phones: Google is capable of unlocking all Android phones prior to Android 5.0 that utilize a pattern lock. Protect yourself by switching to a PIN, password or fingerprint lock.

Credit card numbers: Security researcher Samy Kamkar cracked the code to American Express credit cards, enabling him to predict future card numbers. “The day that card is cancelled, as soon it gets rejected, two seconds later I know what your new number and expiration date will be. If I were doing fraud, that would be pretty useful,” Kamkar said.

Linux-based operating systems: Ransomware Linux.Encoder.1 has been found to target Linux-based operating systems, demanding a one Bitcoin/$500 ransom. If there remains any uncertainty about the future of ransomware, a recent Intel Security report predicted it will be 2016’s greatest threat to cybersecurity.

Dating websites: In case Ashley Madison wasn’t evidence enough of the insecurity of dating websites, Tantan (the Tinder of China) was recently found guilty of not encrypting or otherwise protecting phone numbers, passwords, gender, sexual orientation, interests and hobbies listed on the website.

…And nearly all other websites: A study done at the University of Pennsylvania revealed that “nearly 9 in 10 websites leak user data to parties of which the user is likely unaware.” The data, in turn, is leaked to 9 domains on average.

...And software of all kinds: Zerodium, a broker of “zero day exploits” (working attacks against flaws the vendor has not yet patched or even learned of), has brought attention to the hush-hush market by publishing a list of going rates. The price for an exploit against a browser such as Chrome, Internet Explorer, Tor, or Firefox is $30,000; for an Android or Windows phone is $100,000; and for an Apple iOS phone is $500,000. Zerodium’s customers, in turn, are corporations and government organizations.

Data collection: The data breach of children’s technology firm VTech compromised the information of 5 million parents and 200,000 children, including profile photos, audio files and chat logs, leaving many to wonder why there was so much information to steal. Mark Nunnikhoven of Trend Micro wisely advised, “Don’t collect data because it might be useful at some point. This opens the organizations up to unnecessary risk.”

As always, let us know if there are any vulnerabilities we missed in the comments below.



Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Monday, 2 November 2015

It’s a Vulnerable World: October 2015

October’s insecurities bring more tricks than treats, leaving the entities that sustain modern society—Wi-Fi routers, the cloud, nuclear facilities, telecom companies and even clocks—open to attack.
Journalists: Not one, but two tools advertised to protect journalists’ communications were found to be not-so-secure this month. TrueCrypt, the discontinued disk encryption program, was found to contain unpatched flaws affecting Windows systems; its homepage already carries the disclaimer “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”. Meanwhile, Reporta’s website boasts that its technology was designed “to empower journalists working in potentially dangerous conditions to quickly implement their security protocols with the touch of a button,” yet in response to numerous concerns from security experts, Executive Director Elisa Lees Munoz acknowledged the technology is still a “work in progress.”

Wi-Fi routers: Linux.Wifatch has brought a whole new meaning to malware. Wifatch has illegally infected more than 10,000 unprotected routers, but with the purported intention of making them more secure. Nonetheless, when Symantec asked the anonymous hacker whether s/he could be trusted, the response was: “Of course not, you should secure your device.” Routers have been infected worldwide, in countries including China, Brazil, Mexico and India.

Cloud computing proves yet again to be insecure. [Source: FutUndBeidl]
The cloud: “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a study published by the Worcester Polytechnic Institute, demonstrated how a hacker could steal encryption keys in Amazon Web Services’ cloud. Amazon argued that the flaw, since fixed, did not represent a real-world vulnerability. Security scientist Yehuda Lindell countered: “Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualized environments where you have less direct control.”
Nuclear power stations: A recent Chatham House report found that nuclear facilities are at an elevated risk for cyberattacks, as standard security precautions—such as air gapping, training for personnel, and proactive cybersecurity policies—are largely lacking.

Wireless printers: Singapore researchers successfully hacked a wireless printer with only a drone and a mobile phone, proving that even the most hard-to-reach offices are none too secure. Let this be your reminder to check your printer’s security settings.

Siri and Google Now: For those who tend to keep microphone-enabled headphones plugged into their phones, know that French researchers can convert the headphone cord into an antenna and then use Siri or Google Now to “make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.” A word to the wise: disable Siri or Google Now from your lock screen now.

Telecom companies: TalkTalk is determined to prove why companies should not store their users’ data: the U.K. telecommunications and Internet provider has suffered its third hack in the past year. This time, the unencrypted names, email addresses and phone numbers of 1.2 million users were stolen, along with dates of birth and obscured credit and debit card details.

Data manipulation comes to computer clocks. [Source: Back to the Future, Part II]
Clocks: Keeping with a growing trend of manipulating data rather than simply stealing it, Boston University security researchers have shown it is possible for hackers to attack the Network Time Protocol (NTP) of a computer system in order to change the system’s time and also to prevent the synchronization of clocks via a denial of service attack. Back to the future, indeed.  
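As an added example that is not part of the original post or of the Boston University paper, the Python below parses an NTPv4 server reply, computes the clock offset from the four timestamps the protocol exchanges, and applies the two checks a client needs before stepping its clock: the reply must echo the origin timestamp the client sent (an off-path attacker has to guess it), and an offset beyond a panic threshold is refused rather than applied (ntpd’s default panic threshold is 1000 seconds). The packets are constructed in-code; `build_server_response`, `evaluate_response` and the threshold value reused here are this example’s own assumptions.

```python
import struct

NTP_EPOCH_OFFSET = 2_208_988_800   # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
PANIC_THRESHOLD = 1000.0           # seconds; borrowed from ntpd's default (assumption)
HEADER_FORMAT = "!BBbb11I"         # LI/VN/mode, stratum, poll, precision, 11 x 32-bit words
PACKET_LEN = struct.calcsize(HEADER_FORMAT)  # 48 bytes


def to_ntp_ts(unix_time):
    """Unix float seconds -> (seconds since 1900, 32-bit binary fraction)."""
    whole = int(unix_time)
    fraction = int((unix_time - whole) * 2**32)
    return whole + NTP_EPOCH_OFFSET, fraction


def from_ntp_ts(seconds, fraction):
    """(seconds since 1900, fraction) -> Unix float seconds."""
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def build_server_response(orig, recv, xmit, stratum=2):
    """Constructed NTPv4 server reply (mode 4); not a captured packet.
    orig is T1 as echoed back, recv is T2, xmit is T3 (all Unix float seconds)."""
    first_byte = (0 << 6) | (4 << 3) | 4          # LI=0, VN=4, mode=4 (server)
    ref_id = 0x47505300                            # "GPS\0": reference clock identifier
    words = (0, 0, ref_id) + to_ntp_ts(recv - 16) + to_ntp_ts(orig) + to_ntp_ts(recv) + to_ntp_ts(xmit)
    return struct.pack(HEADER_FORMAT, first_byte, stratum, 6, -20, *words)


def parse_ntp_packet(data):
    """Decode the fixed 48-byte NTP header into a dict of fields."""
    if len(data) < PACKET_LEN:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    f = struct.unpack(HEADER_FORMAT, data[:PACKET_LEN])
    return {
        "leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
        "stratum": f[1], "poll": f[2], "precision": f[3],
        "root_delay": f[4] / 2**16, "root_dispersion": f[5] / 2**16, "ref_id": f[6],
        "ref_time": from_ntp_ts(f[7], f[8]),
        "orig_time": from_ntp_ts(f[9], f[10]),    # T1, our transmit time as echoed
        "recv_time": from_ntp_ts(f[11], f[12]),   # T2, server receive time
        "xmit_time": from_ntp_ts(f[13], f[14]),   # T3, server transmit time
    }


def clock_offset(t1, t2, t3, t4):
    """RFC 5905 clock offset and round-trip delay from the four timestamps."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def evaluate_response(data, t1, t4, panic_threshold=PANIC_THRESHOLD):
    """Decide whether a reply may be used to adjust the local clock.
    t1 is the client's transmit time, t4 the client's receive time."""
    pkt = parse_ntp_packet(data)
    if pkt["mode"] != 4:
        return {"accepted": False, "reason": "not a server reply", "offset": None}
    if not 1 <= pkt["stratum"] <= 15:
        return {"accepted": False, "reason": "unsynchronized or kiss-o'-death stratum", "offset": None}
    if abs(pkt["orig_time"] - t1) > 1e-6:
        # Reply does not echo our transmit timestamp: spoofed, replayed or stale.
        return {"accepted": False, "reason": "origin timestamp mismatch", "offset": None}
    offset, delay = clock_offset(t1, pkt["recv_time"], pkt["xmit_time"], t4)
    if abs(offset) > panic_threshold:
        # One reply demanding a huge step is exactly the time-shifting attack described above.
        return {"accepted": False, "reason": "offset exceeds panic threshold", "offset": offset, "delay": delay}
    return {"accepted": True, "reason": "ok", "offset": offset, "delay": delay}


if __name__ == "__main__":
    T1 = 1_456_000_000.0                                   # client sends (client clock)
    honest = build_server_response(T1, T1 + 0.30, T1 + 0.31)
    print("honest reply:", evaluate_response(honest, T1, T1 + 0.11))
    shifted = build_server_response(T1, T1 + 0.30 + 31_536_000, T1 + 0.31 + 31_536_000)
    print("one year ahead:", evaluate_response(shifted, T1, T1 + 0.11))
```

The honest reply yields an offset of about 0.25 seconds and is accepted; the reply that tries to push the clock a year forward is refused. A client that also never steps on the strength of a single reply, and that rate-limits how far successive replies may move it, is correspondingly harder to steer, which is the mitigation the researchers’ work points at.
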

As always, let us know if there are any vulnerabilities we missed in the comments below.



Curious about additional security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!