Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)
- Mozilla Firefox announced that they plan to deprecate Flash from its browser in the next few months, which is sooner than what they previously planned.
- Some Pokemon Go related apps can steal contact lists, photos, and login credentials.
- A data breach at the Massachusetts General Hospital exposed PII of 4,300 patients.
- Ubuntu Forum experienced a data breach, exposing usernames, email addresses, and IP addresses for 2 million users.
- Hackers stole account details for 1.6 million Clash of Kings forum members.
- Datadog notified users and admins that they suffered a data breach. They urged users and admins to change login credentials.
- Adobe’s latest batch of bundles fixed 52 vulnerabilities that allowed remote code execution.
- Oracle patched 276 flaws in over 80 of their products in what is the largest bundle of patches for the company to date.
- Dell patched several vulnerabilities in their central management system.
- Bugs in SAP HANA and SAP Trex could give an attacker access to sensitive business information.
- Juno fixed vulnerabilities in their operating system, one of which could grant an attacker administrative access to devices.
- Cisco patched the remote execute command vulnerability in its Unified Computing System.
- Apple fixed a newly discovered remote execution flaw in their products.
- A D-Link vulnerability affected more than 400,000 devices.
- A 20-year-old bug in printers could lead to malware installation.
- AVG created six free decrypting tools to help combat increasing ransomware attacks.
- It doesn’t matter if Ranscam victims pay the ransom, this new ransomware deletes encrypted files regardless.
- Satana ransomware not only encrypts files, but also encrypts the master boot record so devices are unable to load the OS.
- One Android Trojan steals financial login data and keeps victim from contacting their bank.
- Keydnap malware targets security researchers using Mac.
- Security researchers discovered a stealthy malware that targets energy companies.
- A group of hackers targeted Pokemon Go servers to find exact location of pokemon.
- After being shut down in June, xDedic, a site that offers access to compromised servers, is now back online.
- Akamai noted that recent DDoS attacks could mean criminals will attack with increasingly longer campaigns.
- The automotive industry published its first cybersecurity best practices document.
- Police report a growing trend in car thefts where criminals use electronic device to steal vehicles.
- Arbor Networks’ ASERT group discovered cybercriminals enslaving IoT connected devices and then using them to launch DDoS attacks.
- New guidance from the U.S. Department of Human Services addresses the growing threat ransomware poses for healthcare organizations.
Research & Studies
- Over half of organizations fail to secure privileged accounts.
- The Black Hat Attendee Survey found that 72% of respondents feel they will experience a major data breach within a year.
- Over half of small to medium-sized businesses were victims of a data breach in the last year, according to a Ponemon Institute study.
- An Imperva report revealed that 29% of web traffic is from malicious bots.
- Payment card fraud is on the rise. One study showed one in three consumers is victimized worldwide.
- Black Hat USA is returning for its 19th year in Las Vegas. The cybersecurity conference will begin July 30th and go to August 2nd.