Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Early in July the OpenSSL Project announced they would be releasing a patch for a high-severity vulnerability that allowed an attacker to impersonate a trusted server.
- Researchers found that a known attack technique used against the RC4 cipher suite could also be used to break into WiFi networks.
- Both Google Chrome and Mozilla Firefox released updated versions of their browsers, fixing a number of vulnerabilities. Google released Chrome 44, and Mozilla released Firefox 39.
Data Breaches
- The Hacking Team suffered a data breach in early July. More than 400 GB of information was stolen.
- LifeLock, the ID theft protection firm, did not protect their network sufficiently, resulting in a data breach.
- The Epic Games forum was hacked in mid-July. It is unknown what information was stolen, but users’ login credentials, email addresses, and dates of birth were likely affected.
- Mandarin Oriental Hotel Group announced that 10 of its properties were affected by a recent data breach.
- A year ago JPMorgan Chase discovered a hack that compromised 83 million accounts. This year U.S. law enforcement arrested five individuals who are believed to be involved in the breach.
Internet of Things
- The first zero-day exploit is now available for cars. Security researchers Charlie Miller and Chris Valasek demonstrated the hack on a Jeep Cherokee.
- A recently discovered vulnerability could be more deadly than others affecting IoT. Two researchers discovered a vulnerability in a self-aiming rifle that is accessible through its WiFi network.
- Researchers found vulnerabilities in three of the most popular Smart Home Hubs.
Cybercrime
- Scammers apply a cloaking technique to PDFs, slipping past Google filters.
- Cybercriminals exploit a vulnerability in common routers that has been around for over 25 years.
Malware
- Malware sent via a text message could infect Android phones, even if users don’t open the text. 950 million Android mobile devices are affected.
- Andromeda botnet infects new point-of-sale systems with new malware called GamaPoS.
- Cowboy Adventure and Jump Chess, legitimate games on Google Play, contained functions to harvest Facebook login credentials.
- A recently discovered bug in OpenSSH software allows hackers to submit thousands of password guesses in very little time.
Research & Studies
- An Acunetix report found that all the websites in its study have medium to high vulnerabilities.
- A recent study that analyzed a quarter million endpoint devices detected targeted intrusions in all 40 of the participating enterprises.