Here is our latest news roundup of articles about network and SSL security.
Data Security
- Microsoft takes a stand against weak passwords by banning common passwords and using smart password lockout in the Microsoft Account System and, in private preview, Azure AD.
Data Breaches
- A hacker who goes by the name Guccifer 2.0 claims he or she hacked the Democratic National Committee, supposedly proving it by posting the stolen files online.
- VerticalScope, a website acquisition and development company, suffered a data breach of over 45 million records affecting more than 1,100 websites.
- Because of a flaw in their automated email system, Let’s Encrypt leaked 7,618 of their users’ email addresses.
Vulnerabilities
- Researchers demonstrate how to hijack a Facebook account using the target victim’s phone number and a flaw in the SS7 network.
- Adobe warns that a vulnerability is currently being exploited in the wild. They believe that a cyberespionage group is using the bug to launch targeted attacks.
- Microsoft released security updates for over forty vulnerabilities, six of which are considered critical.
- A researcher discovered two vulnerabilities in two models of Netgear routers.
- A software flaw in a Juniper JunOS router could result in a DDoS attack.
- Google released patches for eight critical vulnerabilities and 28 high-severity vulnerabilities.
- A flaw in Facebook’s Chat and Messenger app could allow an attacker to view and modify chats and distribute malware.
- A zero-day exploit for Windows is selling for $90,000 on an underground market.
- A white hat hacker informs the Better Business Bureau of a flaw in their website that could have led to a data breach.
Malware
- Malware developers incorporate old and new techniques to infect users’ devices with Zcrypt ransomware.
- A new ransomware named Crysis is quietly stealing the spotlight from the prevalent Locky ransomware.
- University of Calgary gives in to ransom demands and pays $20,000 in order to decrypt their files.
- A security researcher discovered ransomware that not only encrypts files, but also mocks researchers with messages contained inside the source code.
- FastPOS malware steals and delivers credit card data in an instant, which differs from other POS malware that stores stolen data locally and delivers it later bit by bit.
Cybercrime
- Cybercriminals sell compromised government servers for $6 on an online black market.
- Cybercriminals targeted one company with a DDoS extortion attack. Instead of giving in to the demands, the company alerted their clients about the coming attack.
IoT
Research & Studies
- FBI issues warning of the rise in BEC scams that have stolen over $3 billion from companies.
- The average cost of data breaches has risen to over $4 million, according to the Ponemon Cost of Data Breach 2016 report.
- A new study reveals that IT experts are not confident about their companies’ cyberincident response plans.
- A study finds that one-third of organizations suffered a data breach in the past year.
- Phishing emails that contain malware have increased 37% from December 2015 to March 2016.
- Researchers found that half of the ads users click on in free live-streaming websites lead to malicious links.