What a month it’s been. July 2015 will probably come down in infosec history thanks to the Hacking Team hack, which rocked whole governments and countries. The Hacking Team leak also made everyday internet users realize that maybe those Facebook private messages and Twitter DMs aren’t as private as previously thought. If the 400GB Hacking Team data leak wasn’t enough, on July 15, dating website Ashley Madison was also hacked with the perpetrator dumping some of the stolen data online. Initial reports said that the hacker had the details of 37 million accounts.
Ready for some more? Countdown with us the top 10 hacks, attacks, bugs and vulnerabilities that happened in the month of July.
1) The Hacking Team hacked
The July hack sent shockwaves that were felt through every corner of the infosec world. It happened on an unassuming Sunday evening when a tweet on the Hacking Team Twitter page was posted saying “Since we have nothing to hide, we’re publishing all our e-mails, files and source code.” The tweet also included a torrent link to 400GB of data. The company attacked, Hacking Team, is an Italian firm that sells surveillance tools to governments and law enforcement agencies. Hacking Team has come under attack for selling their software to oppressive regimes, and their continuous denying of their practices seems to be the motive behind the hack.
2) Cheating site breached
On July 19, Ashley Madison of the “Life is short. Have an affair” tagline fame had their systems compromised, and reports revealed that records of the 37 million users of the hookup website could be leaked. The Impact Team claimed to be responsible for the hack, and this attack came about after Avid Life Media lied about the complete deletion of user accounts – something the company was charging users for.
3) High speed data hacks
In the most unsportive of manners on July 14, during the Tour de France, Team Sky suffered a breach possibly to get into the training logs of Chris Froome who won last year’s Tour de France. Even though he has always insisted he is clean, Froome found himself in the middle of terrible allegations about his performance. The breach is believed to have something to do with these allegations.
4) Harvard University breach
On the first of the month, Harvard University revealed it suffered a breach which had been discovered back on June 19. The breach affected the Faculty of Arts and Sciences and Central Administration, and while personal data is believed to be safe, Harvard login credentials may have been affected.
5) Cryptowall served via Google Drive
In yet another ‘your antivirus won’t protect you from this threat’ episode, at the beginning of the month reports revealed that a new campaign is serving up CryptoWall 3.0 by abusing Google Drive vulnerabilities. The campaign was uncovered by Heimdal Security who said, “If the victim’s system is not fully updated with the latest version of the software mentioned above [JavaJRE, Adobe Reader, IE and Flash Player], the RIG exploit kit will drop a file that contacts a series of predefined Google drive URLs.”
6) Plex data held for ransom
On July 2, Plex sent an email to its subscribers notifying them that the movie streaming service had been hacked and its data held for ransom. The attackers claimed they had control of the server hosting the user forums. However, Plex confirmed that all passwords were ‘hashed and salted.’ Plex declined to pay the ransom and instead automatically reset the affected users’ passwords.
7) LinkedIn’s phishing flaw fixed
A LinkedIn vulnerability revealed back in November 2014 by Kaspersky has been fixed. The vulnerability used LinkedIn’s notification system to send the malicious code through notification emails enabling “attackers to efficiently execute spear phishing campaigns, steal credentials and potentially gain remote control over selected victims without needing to resort to social engineering.”
8) The interwebz is melting
Or that was the impression on July 8 when three major US corporations suffered technology glitches. Trading at the New York Stock Exchange came to a stop for four hours due to a software malfunction, hundreds of United Airline planes were grounded after hardware problems, and the Wall Street Journal suffered a 504 error.
9) Another medical data breach
July also saw another medical data breach when UCLA Health was hit by a hack which left 4.5 million people exposed. On July 17, the organization said that the network containing personal and medical information was breached leaving names, addresses, social security number and medical data, but UCLA said there was no evidence of any data being lifted even though it couldn’t conclusively confirm it.
10) 950 million Android devices exposed
The Android operating system was affected by a series of critical remote code executions identified by Zimperium, a mobile security firm. These vulnerabilities were related to the media playback engine Stagefright leaving the device open to remote exploits through malicious multimedia files. As a result, 950 million Android devices were left exposed.