Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Under the new CA/B Forum Baseline Requirements, Certificate Authorities can only issue certificates with validity periods of up to 39 months starting on April 1.
- The final touches are being put on HTTP/2, and we should see it in browsers within weeks.
- It’s no secret that users blatantly ignore browser warnings, so in an effort to help users, Google has redesigned its SSL warnings in Chrome.
- In mid-February, Microsoft announced that Internet Explorer will support HSTS in the Windows 10 Technical Preview.
Data Security
- Earlier this month, Google decided to relax their rigid 90-day vulnerability disclosure period.
Data Breaches
- The healthcare provider Anthem was breached, affecting 80 million customers and employees.
- Gemalto, the largest manufacturer of SIM cards, investigates the data breach that resulted in encryption keys being stolen and the compromise of mobile communications in 450 wireless providers worldwide.
- The hackers who attacked Target and Home Depot have now targeted Book2Park.com, which is an online parking reservation service for airports.
- After a recent data breach, the gaming social network Raptr asked users to change their passwords.
- An insider threat made the theft of $700,000 in Apple gift cards possible.
- Senior Health Partners suffers a data breach due to the theft of a laptop and smartphone with records of 2,700 members.
Vulnerabilities
- One of the recent Adobe Flash Player vulnerabilities becomes a backdoor for ransomware out of Russia.
- A new cross-site scripting vulnerability was found in Internet Explorer that allows attackers to steal user credentials.
Malware
- Data security best practices were ignored when Lenovo shipped laptops with Superfish adware that broke HTTPS connections and left users vulnerable to man-in-the-middle attacks.
- Comodo’s advertising software PrivDog exposes users to potential man-in-the-middle attacks.
- An Israeli company called Komodia was found to be behind several Trojans as well as SSL-hijacking software.
- Dyreza, a banking Trojan disguised as a fax message, infects thousands of users, stealing their sensitive financial information.
Internet of Things
- With the recent demo of a hacker hijacking a car in minutes, it’s no wonder that automakers would avoid talking about cyber security. But Massachusetts Senator Edward Markey is looking for answers, and reveals some disturbing things.
- Samsung smart television voice recognition features may be capturing personal information.
Reports & White Papers
- A study conducted by the Ponemon Institute exposes the effectiveness of visual hacking.
- Out of 1 million apps that were analyzed in the February 2015 Mobile Threat Report, many of the most malicious and risky apps came from U.S. publishers.
- According to a recent study, 58% of US businesses were targeted by a DDoS attack in 2014.
- A new study shows the percentage of malware that sneaks past antivirus software, and the number is staggering.
Events
- Because of the data breaches in 2014, the US government is allocating money to its newly formed cybersecurity unit (and cyber security in general) and met at Stanford University for a cybersecurity summit this month.