Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)
- Microsoft takes a stand against weak passwords by banning common passwords and using smart password lockout in Microsoft Account System and private preview Azure AD.
- A hacker who goes by the name Guccifer 2.0 claims he or she hacked the Democratic National Committee, supposedly proving it by posting the stolen files online.
- VerticalScope, a website acquisition and development company, suffered a data breach of over 45 million records affecting more than 1,100 websites.
- Because of a flaw in their automated email system, Let’s Encrypt leaked 7,618 of their users’ email addresses.
- Researchers demonstrate how to hijack a Facebook account using the target victim’s phone number and a flaw in the SS7 network.
- Adobe warns that a vulnerability is currently being exploited out in the wild. They believe that a cyberespionage group is using the bug to launch targeted attacks.
- Microsoft released security updates for over forty vulnerabilities, six of which are considered critical.
- A researcher discovered two vulnerabilities in two models of Netgear routers.
- A software flaw in a Juniper’s JunOS router could result in a DDoS attack.
- Google released patches for eight critical vulnerabilities and 28 high-severity vulnerabilities.
- A flaw in Facebook’s Chat and Messenger app could allow an attacker the ability to view and modify chats, and distribute malware.
- A zero-day exploit for Windows is selling for $90,000 on an underground market.
- A white hat hacker informs the Better Business Bureau of a flaw in their website that could have led to a data breach.
- Malware developers incorporate old and new techniques to infect users’ devices with Zcrypt ransomware.
- A new ransomware named Crysis is quietly stealing the spotlight from the prevalent Locky ransomware.
- University of Calgary gives-in to ransom demands and pays $20,000 in order to decrypt their files.
- A security researcher discovered ransomware that not only encrypts files, but also mocks researchers with messages contained inside the source code.
- FastPOS malware steals and delivers credit card data in an instant, which differs from other POS malware that stores stolen data locally and delivers it later bit by bit.
- Cybercriminals sell compromised government servers for $6 on an online black market.
- Cybercriminals targeted one company with a DDoS extortion attack. Instead of giving to demands, the company alerted their clients about the coming attack.
Research & Studies
- FBI issues warning of the rise in BEC scams that have stolen over $3 billion from companies.
- The average cost of data breaches has risen to over $4 million dollars, according to Ponemon Cost of Data Breach 2016 report.
- A new study reveals that IT experts are not confident about their companies’ cyberincident response plans.
- A study finds that one-third of organizations suffered a data breach in the past year.
- Phishing emails that contain malware have increased 37% from December 2015 to March 2016.
- Researchers found that half of the ads users click on in free live-streaming websites lead to malicious links.