Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption
- New research released at Black Hat USA 2016 revealed major vulnerabilities in the HTTP/2 protocol.
Data Breaches
- A data breach caused by an employee at Sage U.K. software emphasized the hidden danger of insider threats.
- A hacker recently breached the Dota 2 Dev forum, stealing almost 2 million forum members’ email addresses, usernames, and passwords.
- A vBulletin vulnerability gave hackers a backdoor into 27 million internet accounts.
Vulnerabilities
- A dangerous Linux bug could allow hijacking attacks on many popular websites, according to a group of researchers.
- A security researcher discovered a vulnerability in Kaspersky’s Safe Browser iOS app that could allow MITM attacks.
Malware
- A POS malware attack hit retailer Eddie Bauer, affecting 360 locations.
Cybercrime
- Attackers use a new method called QRLJacking to hijack online accounts.
- Law enforcement arrested a Nigerian scammer for extorting a total of $60 million from victims.
- To obtain login credentials, scammers targeted United Services Automobile Association members with phishing campaigns.
IoT
- A well-known researcher returned to Black Hat USA 2016 to demonstrate hijacking connected cars by exploiting vulnerabilities.
Research & Studies
- Salted Hash examined passwords compromised in a phishing attack and found that password habits have not improved.
- An AVG study revealed that only 22% of businesses use password managers for storage and safekeeping.
- 32% of hospitals transmit unencrypted data, according to a survey by the Healthcare Information and Management Systems Society.
- Kaspersky observed a 15.6% rise in malware in Q2 2016.
- Almost half of organizations are not prepared to mitigate insider threats, says a new Mimecast survey.
- A study sponsored by Malwarebytes found that over half of U.S. businesses were victims of ransomware in the last 12 months.
- Researchers discovered that hackers can hijack cellphone towers due to critical vulnerabilities in the operating software.
- Researchers at Google and Brigham Young University uncover some reasons why users ignore security warnings.