Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- NCC Group Cryptography Services along with the Linux Foundation will be conducting the first public security audit of OpenSSL. The audit is expected to take a few months, and the result should be published this summer.
- Microsoft recently warned users of an incorrectly issued SSL Certificate.
- On March 20th, Google found that an intermediate CA under the Chinese registrar (CNNIC) had misissued digital certificates for several of Google’s domains.
- Researchers at the University of London discovered that RSA encryption keys have been duplicated 28,000 times.
- New malware named PoSeidon uses memory scraping (a common point-of-sale Trojan technique) to exfiltrate payment card data from point-of-sale (PoS) terminals.
- Biometric authentication is gaining momentum. A recent report estimates that by 2019, 770 million biometric apps will be downloaded.
- Yahoo offers on-demand passwords as an alternative to traditional primary passwords.
- In early March, the FREAK vulnerability was discovered. It affected Safari, Android OS, Internet Explorer, OpenSSL, and others.
- A security audit revealed what was thought to be a high severity vulnerability in OpenSSL.
- Sites that use the Facebook login could be vulnerable to hijacking because of a recently released tool called Reconnect.
- On March 17, health insurance provider Premera Blue Cross announced that they had suffered a major data breach, exposing customer information. The breach affected 11 million customers.
- After being contacted by law enforcement, NEXTEP (a point-of-sale provider) announced that they are investigating a possible data breach.
- Mandarin Oriental hotels confirm that they suffered a data breach. The number of customers and which hotels were affected have not yet been disclosed.
- Hacked GoDaddy accounts are being used by cybercriminals for Angler-type attacks.
- A South Korean nuclear plant is being held ransom by a hacker.
Internet of Things
- Volvo is testing a real-time warning system that would allow cars that encounter hazardous conditions on the road to relay the data to other vehicles in the area through a Volvo server.
- A recent report by Reuters showed that 80% of merchants around the world fail PCI compliance standards.
- A recent study shows that there are 2,400 vulnerable and suspicious mobile apps on employee devices.