This Month in SSL: July 2016

Here is our latest news roundup of articles about network and SSL security.

Data Security

  • Mozilla Firefox announced plans to deprecate Flash in its browser in the next few months, which is sooner than previously planned.
  • Some Pokemon Go related apps can steal contact lists, photos, and login credentials.

Data Breaches

  • A data breach at the Massachusetts General Hospital exposed PII of 4,300 patients.
  • Ubuntu Forum experienced a data breach, exposing usernames, email addresses, and IP addresses for 2 million users.
  • Hackers stole account details for 1.6 million Clash of Kings forum members.
  • Datadog notified users and admins that they suffered a data breach. They urged users and admins to change login credentials.

Vulnerabilities

  • Adobe’s latest batch of bundles fixed 52 vulnerabilities that allowed remote code execution.
  • Oracle patched 276 flaws in over 80 of their products in what is the largest bundle of patches for the company to date.
  • Dell patched several vulnerabilities in their central management system.
  • Bugs in SAP HANA and SAP Trex could give an attacker access to sensitive business information.
  • Juno fixed vulnerabilities in their operating system, one of which could grant an attacker administrative access to devices.
  • Cisco patched the remote command execution vulnerability in its Unified Computing System.
  • Apple fixed a newly discovered remote execution flaw in their products.
  • A D-Link vulnerability affected more than 400,000 devices.
  • A 20-year-old bug in printers could lead to malware installation.

Malware

  • AVG created six free decrypting tools to help combat increasing ransomware attacks.
  • It doesn’t matter if Ranscam victims pay the ransom: this new ransomware deletes encrypted files regardless.
  • Satana ransomware not only encrypts files, but also encrypts the master boot record so devices are unable to load the OS.
  • One Android Trojan steals financial login data and keeps victims from contacting their banks.
  • Keydnap malware targets security researchers using Macs.
  • Security researchers discovered a stealthy malware that targets energy companies.

Cybercrime

  • A group of hackers targeted Pokemon Go servers to find the exact location of Pokemon.
  • After being shut down in June, xDedic, a site that offers access to compromised servers, is now back online.
  • Akamai noted that recent DDoS attacks could mean criminals will attack with increasingly long campaigns.

IoT

Healthcare

  • New guidance from the U.S. Department of Human Services addresses the growing threat ransomware poses for healthcare organizations.

Research & Studies

  • Over half of organizations fail to secure privileged accounts.
  • The Black Hat Attendee Survey found that 72% of respondents feel they will experience a major data breach within a year.
  • Over half of small to medium-sized businesses were victims of a data breach in the last year, according to a Ponemon Institute study.
  • An Imperva report revealed that 29% of web traffic is from malicious bots.
  • Payment card fraud is on the rise. One study showed one in three consumers is victimized worldwide.

Events

  • Black Hat USA is returning for its 19th year in Las Vegas. The cybersecurity conference will begin July 30th and go to August 2nd.