This Month in SSL: February 2016

Here is our latest news roundup of articles about network and SSL security.

SSL & Encryption

Data Security in General

  • The first hacker to face cyberterror charges appeared in court in the Eastern District of Virginia.
  • A hacker recently stole and posted personal information for 9,000 Department of Homeland Security employees. The hacker later announced that he will be releasing 20,000 records for FBI employees.
  • Google announced that they will ban Adobe Flash starting January 2, 2017.
  • Last year, Google announced that Chrome’s Safe Browsing would show warnings for social engineering tactics contained within websites. Google stated that these warnings will now alert users to malicious embedded content, such as advertisements.

Data Breaches

Vulnerabilities

  • A flaw in Cisco’s Adaptive Security Appliance (ASA) software could leave users vulnerable to remote attacks. Following the discovery of the flaw, Cisco released a patch and is advising users to update as soon as possible.
  • A bug in FireEye allows malware to circumvent the analysis engine and be whitelisted.
  • Because of a vulnerability in Squid, a caching proxy, attackers are able to perform a DDoS attack when connected to an SSL server.
  • A password recovery flaw exposed email addresses and phone numbers of 10,000 Twitter users.

Malware

Cybercrime

Research & Studies

  • In a survey by US Consumer Privacy Index 2016, Americans stated that they are more worried about online privacy than they are about losing their main income.
  • According to a Risk Based Security study, 50% of data breaches resulted in passwords and email addresses being exposed in 2015.
  • Malware distributed through phishing scams was ranked as the major cause of bank data breaches, according to a study by IBM.
  • Because of healthcare data breaches in 2015, patients are reluctant to share information with medical professionals, according to a new study.