Recap 2015 — A Year of Security Vulnerabilities

HAPPY NEW YEAR WPSOS READERS!

The time to make new year resolutions is here. The time to wave goodbye to 2015. The time of fresh beginnings. The time to look back on the good and bad of the past year. And the time to review all that happened and move on as a better version of yourself.

Contrary to popular opinion, it’s not always external hack attacks that do the most harm. Sometimes it is inherent flaws in the system unnoticed by users until the minute they are exploited. Techworld did a great piece on security flaws of the year 2016 detailing accidental flaws in services leading to attacks in 2015.

Google Android Flaws

Google’s Android platform for smartphones has spread far and wide. Stretching across several manufacturers has made it difficult to push updates to all devices at the same time, leading to multiple security issues. In the summer of 2015, many security flaws were made public, of which Stagefright was the most devastating. Followed by Stagefright 2.0, it had a way of beating Android 5.0 lockscreen’s security code.

Anti-virus Flaws

Of all the anti-viruses, the most flawed (yet popular) AVG was first singled out by the Israeli security firm enSilo, which discovered a software flaw. It was patched in two days. However, later on a Google engineer found another flaw in AVG’s Chrome browser Web Tune-Up plug-in which allowed attackers to scour through entire browsing histories.

Juniper VPN ‘Back Door’ Flaw

Apparently the VPN part of Juniper’s NetScreen firewall kit has had a backdoor since 2012. A weakness in a piece of encryption furniture, the Dual_EC_DRBG random number generator, contained a software flaw that allowed the insertion of a back door.

TalkTalk attacked thrice

The telecommunications company was attacked not just once, but thrice! According to the company, ‘only’ 159,959 accounts were compromised, of which 15,656 had their bank account details compromised.

Independent’s ransomware

The Independent news blog was caught by Trend Micro serving TeslaCrypt ransomware. The site was attacked several weeks before Trend informed them.