This week we find out how Lenovo’s file sharing app ended up with the hard-coded password of ‘12345678’, Symantec looks back at last year’s top five cybersecurity threats, and more.
Lenovo has released an urgent software fix after researchers at Core Security discovered four vulnerabilities in its ShareIT app, which lets users share files and folders between their devices.
One of the issues is a hard-coded password flaw affecting Windows that leaves Wi-Fi hotspots open to exploitation.
“When Lenovo ShareIT for Windows is configured to receive files, a Wi-Fi hotspot is set with the password ‘12345678’. Any system with a Wi-Fi network card could connect to that hotspot by using that password. The password is always the same,” explained Core Security.
Symantec’s team of security experts have looked back at last year’s cybersecurity threats and compiled a list of the top five security issues from 2015:
1. On January 21st a zero-day was exposed with the potential to impact more than one billion devices. Adobe Flash – a widespread Internet technology used in the build of more than 20,000 apps and 24 of the top 25 Facebook games – could be exploited by the Angler Exploit Kit.
2. Stemming from a vulnerability dating back to the year 2000, a security bug was disclosed on February 10th, leaving 300 million computers vulnerable to exploitation. The vulnerability, dubbed ‘JASBUG’, allowed hackers to remotely take control of domain-configured Windows devices, impacting core components of Microsoft’s Windows Operating System.
3. On June 2nd, firmware left all Macs shipped before mid-2014 subject to a vulnerability that allowed hackers to plant stubborn malware and take control of machines – even after formatting.
4. Seven critical vulnerabilities left 95 per cent of Android phones open to an attack delivered by a simple multimedia text. Most recipients would only need to view the malicious message to trigger the exploit, allowing an attacker to write code to the device and steal data from sections of the phone that can be reached through permissions available to Stagefright, a media playback tool in Android.
5. TalkTalk hit the headlines for a major security breach that saw 21,000 of its customers’ partial bank account numbers (and sort codes) stolen, some of which were ‘sold’ online on the Dark Web. According to TalkTalk, a distributed denial of service (DDoS) attack – which overwhelms a website with traffic, taking it offline – was used as a smokescreen for the attack. Such common attack methods need to be acknowledged by organisations in 2016 to avoid history repeating itself.
Sennheiser has embarked on an initiative to offer premium noise cancellation headsets for markets requiring high levels of customer data confidentiality.
The firm will target vertical markets requiring secure solutions, such as healthcare, government, financial and legal sectors.
72 per cent of UK consumers online are concerned about the level of protection given to the personal information they share with brands and organisations online, according to a new survey commissioned by Informatica.
Following a string of high profile data breaches, ‘The State of the Data Nation’ research reveals that British consumers’ confidence in the ability of organisations to keep their personal data safe is worryingly low.
PandaLabs has revealed that it both detected and neutralised more than 84 million new malware samples throughout 2015. This is nine million more than the previous year, according to the corresponding data. The figure means that there were 230,000 new malware samples produced daily over the course of the year.
In other news:
– London-based start-up Accent Media has rolled out its new service Domains Watch which aims to protect rights holders and innovators within the global multi-billion dollar ticketing industry against the threat of cybersquatters.
– The UK Government has announced a new £250,000 programme to offer help, advice and support to UK cyber security startups.
– Glasswall Solutions and ZeroDayLab have partnered to launch a unique security offering that breaks in-bound files down to byte level to match them against manufacturers’ standard.