If you like not getting hacked, bad news — pretty much nothing, from our web browsers to our operating systems, are hack-proof.
In just the last week, white hat hackers have found exploits in nearly everything that we use to connect to the Internet.
Gone in 10 Seconds
A security flaw known as Stagefright is back, and even more terrifying. Now going by the name Metaphor, it allows an attacker to hack an Android smartphone in as little as 10 seconds.
A video by the research team that discovered the exploit, NorthBit, shows how a simple phishing email can lead to a compromise in a matter of seconds:
Metaphor is estimated by NorthBit to work against a total of 275 million android devices.
Almost Every Browser You Love, Hacked At Pwn2Own 2016
Web browsers are our gateway to the Internet, making them a prime target for hackers.
Security researchers are well aware of this, which is why the topic of securing web browsers is getting a lot of attention.
A yearly competition dedicated to finding exploits in web browsers, Pwn2Own, lead participating security teams to find exploits in Safari, Edge, and Chrome. Their regular ticket in? Adobe Flash.
In addition to that, vulnerabilities were found in common Operating Systems. Six Microsoft Windows, five Apple OS X, and four new Adobe Flash vulnerabilities were reported.
You can watch recaps of the event below:
Staying Safe in a World Where Everything is a Potential Vulnerability
Fortunately for us, the ones who found these exploits are the good guys — the exploits have been reported, and steps will be taken to fix the vulnerabilities.
But more often than not, cybercriminals are finding their own exploits that work in real world scenarios. For example, all commonly used banking Trojans are able to completely bypass SMS-based two-factor authentication.
As always, the best defenses are:
1. Patch everything. The Metaphor exploit only works on older versions of Android- if you’re running the latest OS, you won’t have to worry
2. Exercise caution. Don’t click suspicious links or open weird emails — be as paranoid as possible, and it will help keep you safe.
3. For companies: build a strong data security infrastructure. A great way to figure out what your security needs are is to try and attain compliance with data security standards, like the PCI DSS or HIPAA.
On that note, one of the critical security needs for any business is the understanding of the company’s data flow. Knowing where your sensitive data is and securing it is undoubtedly one of the most important steps in data security, because you can only keep your sensitive data safe if you know where it is.
Ground Labs’ Enterprise Recon software goes a long way towards helping in this endeavor, so if you’re interested in trying our sensitive data management tool, click here to start a free trial.