Breaches 04-29-2016

This Month in SSL: April 2016

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

Google recently released a list of Certificate Authorities that are not trusted by browsers.

A cybercriminal attempted to sell sensitive information for 1.5 million Verizon customers on the black market after breaching Verizon’s network.
In October of last year, Trump Hotels suffered a breach through their payment system. Earlier this month, Trump Hotels suffered another credit card data breach.
Stanford University suffered a tax-related data breach. Criminals stole W-2 forms from 3,500 Stanford employees.
A former FDIC employee caused a major data breach, which affected 44,000 customers.
A recent data breach in the Philippines exposed 54.36 million registered voters.
50 million Turkish citizens may have had their personal information exposed in a recent data breach.

A security researcher found that a flaw in Cisco UCS servers could allow a hacker the ability to hijack servers with a malicious HTTP request.
Researchers discovered that cybercriminals could circumvent a faulty, three-year-old Java patch.
Vulnerable servers leave hospitals open to ransomware attacks.
Adobe alerted users of a critical vulnerability being exploited by attackers.

Researchers discovered a banking malware that cybercriminals used to steal millions of dollars from banks across the U.S. and Canada in a matter of days.
A malware dubbed Multigrain can steal credit card data from PoS systems.
A new ransomware called Petya uses cloud storage sites such as DropBox to infect users.
MedStar Health joins the list of healthcare providers that have been taken offline because of a malware attack.
A malvertising campaign serving the Angler exploit kit hit Netherland’s top sites.

For the past two years, every two weeks or so phishers have been targeting one CEO in an attempt to trick him into wiring them money.
A cybercrime group is targeting retail and hospitality companies that are still using weak PoS systems.
Large DDoS attack hit China-based lottery site. The attack was successful because it hit weak spots in the site’s DDoS protection platform.
Buhtrap a Russian hacking group has performed 13 successful attacks, stealing billions from Russian and EU banks.
Researchers and law enforcement worked together to take-down a botnet that enslaved 4,000 Linux.

FBI warns farmers using IoT connected farm equipment that equipment hacks and data breaches are likely to occur in the near future.
A flaw in common IoT connected door controllers can allow a hacker to unlock doors.

In a study, Google found that approximately 800,000 websites have been infected with malware or some other type of malicious content.
10% of organizations don’t have a cybersecurity framework in place, according to a new survey.
A recent survey found that 45% of respondents do not know how long it would take their company to detect a data breach.
Vormetric report finds that over 60% of federal agencies have been victims of a data breach.
Researchers found that over 3 million servers are running vulnerable JBoss software, leaving servers open to attack.
Because of misconfigured networks and outdated software, thousands of companies are vulnerable to cyberattack, says an investigation by F-Secure.
According to researchers, malware will soon enter into a new era where malware self-propagates.
Ransomware attacks are increasing and most companies are unprepared for them, according to a new Ponemon Institute survey.
FBI warns that business email compromise is becoming a major threat to companies and has cost US companies over $ 2.3 billion in losses since 2013.
In a Ponemon Institute survey, 39% of healthcare IT professionals said that their healthcare organizations did not know how to protect themselves from a cyberattack.
Cybercriminals target healthcare organizations more than any other industry, according to 451 Research.
A new study revealed that 14% of doctors store patient information on unprotected cell phones or other mobile devices.