The most important IT security-related news in July has definitely been the affair surrounding a theft of data from the Hacking Team – company, which develops commercial spyware intended for use by police departments and other security agencies. More than 400 GB of stolen data were made public and afterwards analyzed by IT security specialists, leading to discovery of a large number (still growing) of zero-day vulnerabilities which were used in Hacking Team’s products.
An interesting news appeared also in connection with vehicle security. Two researchers managed to leverage a vulnerability in a wirelessly accessible on-board entertainment system of a Jeep Cherokee which enabled them to remotely control some of the vehicle’s functions and components, including transmission. Fiat Chrysler has responded to publication of the vulnerability by a recall of 1.4 million of affected vehicles. Similar action in connection with software bugs/vulnerabilities was also taken by Land Rover and Ford.
A mention should be made of a press release by Europol, made in the middle of the month, regarding a successful operation to take down the Darkode cybercriminal forum. Although 28 users and administrators were arrested in, the forum resumed its operation only two weeks later.
Another vulnerability has also been discovered in OpenSSL, which enables an attacker to potentially use invalid certificate as a valid one. A fix for the vulnerability was released only few days after its publication.
An interesting new attack which could lead to extraction of data from an air-gapped system has also been made public. It is based on transmitting a radio signal generated by the computer using a video card bus as an antenna and received by a nearby mobile phone.