Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)
SSL & Encryption News
- Google posted an update on the SHA-1 deprecation. In early 2016 Google will block new SHA-1 certificates in Chrome, and starting January 2017 they will block all SHA-1 certificates.
- On December 3rd, OpenSSL released four patches for four moderate to low security vulnerabilities.
Data Breaches
- Cybercriminals breached VTech’s network. When the company announced the breach they stated 5 million customers were affected, but that number has climbed to 10 million.
- WP Engine advised users to change their passwords after the company announced a data breach.
- A data breach at Keenan & Associates Healthcare exposed sensitive information for 35,000 patients.
Vulnerabilities
- Researchers found a major flaw in three anti-virus software products by McAfee, Kaspersky, and AVG. Using the flaw, a hacker could inject their own code into a system.
- A security researcher discovered a vulnerability in MacKeeper that an attacker could use to access 13 million users’ personal information.
- Two recently discovered CERT vulnerabilities give hackers the ability to view and modify patient information.
- An attacker could exploit FireStorm vulnerability and attain data through a network’s firewall.
Malware
- Researchers identified a malvertising attack on popular video-sharing site, DailyMotion.
- FireEye discovered a new malware, dubbed Nemesis, that targets payment card systems.
Cybercrime
- Hackers use botnets in a new attack strategy, targeting POS systems of small- to medium-sized businesses.
- The hacktivist group Anonymous announced they were responsible for taking down the Trump Tower website.
- Cybercriminals target Intuit users with phishing scam.
IoT
- Marginally skilled hackers could exploit vulnerabilities in gas detectors manufactured by Honeywell.
Research & Studies
- Study finds that consumers tend to avoid businesses that have experienced a data breach, especially when financial information was compromised.
- The United States ranked the highest total average costs for data breach at $15 million, according to a Ponemon study.
- New research reveals that over 85% of PHP-based apps are vulnerable to XSS.
- A new report points to insider threats as biggest security concern businesses face.
- Cybersecurity insurance may drive security by setting new requirements for coverage, says report.
- Small businesses should beware of DDoS attacks which are increasing in frequency, according to Akamai.
- Verizon’s Health Information Data Breach Report revealed that 45% of healthcare security breaches are due to lost/stolen devices.