Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption
- To address the SSL migration dates and the expanding threat landscape, the PCI Security Standards Council will be releasing PCI DSS version 3.2 earlier than the usual fall release.
Data Security in General
- The first hacker to face cyberterror charges appeared in court in the Eastern District of Virginia.
- A hacker recently stole and posted personal information for 9,000 Department of Homeland Security employees. The hacker later announced that he will be releasing 20,000 records for FBI employees.
- Google announced that they will ban Adobe Flash starting January 2, 2017.
- Last year Google announced that Chrome’s Safe Browsing would show warnings for social engineering tactics contained within websites. Google stated that the warnings will now cover malicious embedded content, such as advertisements.
Data Breaches
- The University of Central Florida experienced a data breach where hackers accessed SSNs of 63,000 current and former students and employees.
- Two employees violated a HIPAA regulation and caused a data breach at Washington State Medicaid.
Vulnerabilities
- A flaw in Cisco’s Adaptive Security Appliance (ASA) software could leave users vulnerable to remote attacks. Following the discovery of the flaw, Cisco released a patch and is advising users to update as soon as possible.
- A bug in FireEye allows malware to circumvent the analysis engine and be whitelisted.
- Because of a vulnerability in Squid, a caching proxy, attackers are able to perform a DDoS attack when connected to an SSL server.
- A password recovery flaw exposed email addresses and phone numbers of 10,000 Twitter users.
Malware
- An online Batman turned the tables on banking malware distributors by replacing the malware with a free antivirus program.
- Third-party rooting malware lies in wait for Android users in app stores.
- Attackers targeted a Los Angeles hospital with malware. After the malware locked the hospital’s system for ten days, the hospital decided to pay the $17,000 ransom.
Cybercrime
- Hackers recently attempted to generate E-file PINs with stolen SSNs. Fortunately, the IRS stated that the hackers did not access or compromise taxpayers’ personal information.
- Cybercriminals target Netflix users with phishing emails, attempting to lure users to a spoofed site where they are directed to enter their login and credit card credentials.
Research & Studies
- In the US Consumer Privacy Index 2016 survey, Americans stated that they are more worried about online privacy than they are about losing their main income.
- According to a Risk Based Security study, 50% of data breaches resulted in passwords and email addresses being exposed in 2015.
- Malware distributed through phishing scams was ranked as the major cause of bank data breaches, according to a study by IBM.
- Because of healthcare data breaches in 2015, patients are reluctant to share information with medical professionals, according to a new study.