This Month in SSL: July 2016

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

Data Security

• Mozilla Firefox announced that they plan to deprecate Flash from its browser in the next few months, which is sooner than what they previously planned.
• Some Pokemon Go related apps can steal contact lists, photos, and login credentials.

Data Breaches

• A data breach at the Massachusetts General Hospital exposed PII of 4,300 patients.
• Ubuntu Forum experienced a data breach, exposing usernames, email addresses, and IP addresses for 2 million users.
• Hackers stole account details for 1.6 million Clash of Kings forum members.
• Datadog notified users and admins that they suffered a data breach. They urged users and admins to change login credentials.

Vulnerabilities

• Adobe’s latest batch of bundles fixed 52 vulnerabilities that allowed remote code execution.
• Oracle patched 276 flaws in over 80 of their products in what is the largest bundle of patches for the company to date.
• Dell patched several vulnerabilities in their central management system.
• Bugs in SAP HANA and SAP Trex could give an attacker access to sensitive business information.
• Juno fixed vulnerabilities in their operating system, one of which could grant an attacker administrative access to devices.
• Cisco patched the remote execute command vulnerability in its Unified Computing System.
• Apple fixed a newly discovered remote execution flaw in their products.
• A D-Link vulnerability affected more than 400,000 devices.
• A 20-year-old bug in printers could lead to malware installation.

Malware

• AVG created six free decrypting tools to help combat increasing ransomware attacks.
• It doesn’t matter if Ranscam victims pay the ransom, this new ransomware deletes encrypted files regardless.
• Satana ransomware not only encrypts files, but also encrypts the master boot record so devices are unable to load the OS.
• One Android Trojan steals financial login data and keeps victim from contacting their bank.
• Keydnap malware targets security researchers using Mac.
• Security researchers discovered a stealthy malware that targets energy companies.

Cybercrime

• A group of hackers targeted Pokemon Go servers to find exact location of pokemon.
• After being shut down in June, xDedic, a site that offers access to compromised servers, is now back online.
• Akamai noted that recent DDoS attacks could mean criminals will attack with increasingly longer campaigns.

IoT

• The automotive industry published its first cybersecurity best practices document.
• Police report a growing trend in car thefts where criminals use electronic device to steal vehicles.
• Arbor Networks’ ASERT group discovered cybercriminals enslaving IoT connected devices and then using them to launch DDoS attacks.

Healthcare

• New guidance from the U.S. Department of Human Services addresses the growing threat ransomware poses for healthcare organizations.

Research & Studies

• Over half of organizations fail to secure privileged accounts.
• The Black Hat Attendee Survey found that 72% of respondents feel they will experience a major data breach within a year.
• Over half of small to medium-sized businesses were victims of a data breach in the last year, according to a Ponemon Institute study.
• An Imperva report revealed that 29% of web traffic is from malicious bots.
• Payment card fraud is on the rise. One study showed one in three consumers is victimized worldwide.

Events

• Black Hat USA is returning for its 19^th year in Las Vegas. The cybersecurity conference will begin July 30^th and go to August 2^nd.