Top 10 Security Incidents and Vulnerabilities of 2014

1 - Top 10 Security Incidents and Vulnerabilities of 2014
2 - No. 10: WireLurker Targets Mac OS X and iOS
3 - No. 9: Fake ID Vulnerability Takes Aim at Android
4 - No. 8: POODLE Puts an End to SSL v3
5 - No. 7: Sandworm Goes After Windows
6 - No. 6: Shellshock Shocks Linux
7 - No. 5: Xen Flaw Reboots the Public Cloud
8 - No. 4: JPMorgan Attack Exposes 83 Million to Risk
9 - No. 3: Backoff Malware Leads Retailer Assault
10 - No. 2: Heartbleed Impact Was Widespread
11 - No. 1: Sony Hack Has International Impact
1 of 11

Top 10 Security Incidents and Vulnerabilities of 2014

by Sean Michael Kerner

2 of 11

No. 10: WireLurker Targets Mac OS X and iOS

WireLurker, first disclosed in November by Palo Alto Networks' Unit 42 research group, is an interesting hybrid attack that takes aim at both Apple OS X and iOS users. To be exploited, a user needs to download a malicious file on a Mac OS X machine and then connect to an iOS device.

3 of 11

No. 9: Fake ID Vulnerability Takes Aim at Android

In July, Bluebox Security revealed the Fake ID flaw in Android, which gives an attacker the ability to impersonate a valid app developer.

4 of 11

No. 8: POODLE Puts an End to SSL v3

The POODLE, or Padding Oracle On Downgraded Legacy Encryption, vulnerability was first disclosed by Google security researchers on Oct. 14. POODLE is a vulnerability in the SSL 3.0 cryptographic protocol that can enable an attacker to access and read encrypted communications.

5 of 11

No. 7: Sandworm Goes After Windows

Among the many Microsoft vulnerabilities patched in 2014 is one dubbed Sandworm by security firm iSight Partners. The vulnerability, which also is known as CVE-2014-4114, is a flaw in Microsoft's Object Linking and Embedding (OLE) that was used in attacks against NATO and the European Union.

6 of 11

No. 6: Shellshock Shocks Linux

The Shellshock vulnerability, first disclosed on Sept. 24, is a flaw in the open-source BASH (Bourne Again SHell). The Shellshock flaw gave an attacker the ability to execute arbitrary commands on vulnerable servers. Adding to the panic surrounding Shellshock was the fact that it took several days for complete patches to emerge that protected users.

7 of 11

No. 5: Xen Flaw Reboots the Public Cloud

On Oct. 1, the open-source Xen hypervisor project disclosed XSA-108, a security vulnerability that gave access to the resources of other virtual machines on the same host. It's a flaw that was patched by the major public cloud providers, including Amazon, Rackspace and IBM, before it was first publicly disclosed.

8 of 11

No. 4: JPMorgan Attack Exposes 83 Million to Risk

On Oct. 2, financial giant JPMorgan Chase publicly acknowledged that its systems were hacked in an attack that exposed 76 million households and an additional 7 million small businesses to a data compromise.

9 of 11

No. 3: Backoff Malware Leads Retailer Assault

Many big-name retailers were exploited by point-of-sale (POS) retail malware in 2014, including Home Depot, Staples, Neiman Marcus and UPS. One of the leading POS malware attacks in 2014 came from the Backoff malware, which the U.S. Secret service warned in August had impacted more than 1,000 retailers.

10 of 11

No. 2: Heartbleed Impact Was Widespread

The Heartbleed vulnerability, which was first disclosed on April 7, is a flaw in the open-source OpenSSL cryptographic library. Due to the fact that OpenSSL is widely deployed and embedded within multiple forms of technology, the impact of Heartbleed was widespread, affecting VPNs, Webservers and mobile devices.

11 of 11

No. 1: Sony Hack Has International Impact

No attack has captured the imagination and attention of the general public as much as the attack on Sony Pictures. First disclosed at the end of November, the Sony Pictures attack shut down many IT operations at the company and led to the accusation by the FBI that North Korea was behind the attack.

Top White Papers and Webcasts