Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption
- Microsoft announced they will deprecate SHA-1 within the next four months.
- OpenSSL released versions 1.0.2h and 1.0.1t, which fixed one high-severity flaw and four low-severity flaws.
- Google takes another step towards pushing an HTTPS-everywhere web by offering HTTPS support for blogspot domain blogs.
Data Breaches
- Kiddicare experienced a data breach that exposed sensitive information for 794,000 of their customers.
- Kroger announced that the Equifax W-2Express breach may have exposed former and current employees’ information, including SSN and birth dates.
- In the past few months, seven former employees of the Federal Deposit Insurance Corporation left with thumb drives containing personal banking information for 160,000 U.S. residents.
- InvestBank in the United Arab Emirates leaked tens of thousands of records online.
- A Russian email service exposed 272 million usernames and passwords in a data breach.
- A flaw in the pwnedlist.com service, a website that alerts companies when their users’ email passwords and usernames have been compromised, caused a breach, exposing 866 million accounts.
Vulnerabilities
- Microsoft released patches for 51 vulnerabilities affecting some of their products, including Windows, IE, Microsoft Edge, and Office.
- A recently discovered flaw in several Symantec antivirus programs allows a hacker to compromise computers.
- Attackers exploit the ImageTragick vulnerability in the image processing software.
- GitLab patches vulnerabilities that allowed users to log in as admins.
Malware
- Security researchers found that two banks recently targeted in malware attacks have connections to the 2014 Sony Pictures hack.
- A click-fraud botnet which can reconfigure browser settings infected 900,000 computers worldwide.
- US House of Representatives warned about the rise of phishing emails and ransomware attacks.
- Maisto, a toy company, conducted maintenance after researchers found the site was serving up ransomware.
Cybercrime
- Scammers successfully phish 2015 W-2 records, compromising thousands of taxpayers’ records.
- Cybercriminals hack ADP payroll portal and steal 64,000 employees’ salary data.
- Hacktivist group Anonymous attacks banks across the globe with DDoS attacks.
- Attackers posing as a company executive successfully trick an investment firm into transferring $495,000 to a bank in China.
- Malwarebytes discovered a scamming site impersonating them and other cybersecurity companies. The scammers copied images and content to trick users into paying them for services.
IoT
- A flaw in Samsung’s Smart Home system allows an attacker to make keys to the front door.
- John Deere takes their farm equipment into the world of IoT.
Research & Studies
- A new Ponemon Institute study revealed that almost 90% of healthcare organizations have suffered a data breach.
- Ransomware attacks increased by 14% from the previous quarter, according to a study by Kaspersky Lab.
- In their Q1 Spam and phishing report, Kaspersky observed over 22 million email antivirus detections, which is four times higher than last year.
- DoS attacks could cause organizations to lose over $100,000 per hour of downtime, says a recent study.
- Juniper Research predicts online transaction fraud will have cost organizations $25.6 billion by 2020.