Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Several services and organizations announced intentions to move their sites over to HTTPS. The White House announced that all federal agencies need to move public-facing sites to HTTPS by the end of 2016. Bing, Microsoft’s search engine, said they will make the move sometime this summer. Reddit announced they would do it by June 29, 2015. Wikipedia announced they would begin the move immediately.
- Facebook notified app developers that as of October 1, they will no longer support SHA-1 apps.
Vulnerabilities
- ERPScan researchers found SAP HANA uses a default static encryption master key, and that 100% of their customers don’t change the master key.
- New research reveals that snooping criminals could access passwords, email addresses, and health records through vulnerable Android and iOS apps.
Data Breaches
- On June 15, the popular password manager LastPass announced that their network was breached. They later urged users to change their master passwords.
- Using a stolen Foxconn digital certificate, Duqu 2.0 hacked Kaspersky Lab and others with a spyware package.
- The U.S. Office of Personnel Management suffered a data breach and originally said it affected four million federal government employees. Now they are reporting the number exceeds 18 million affected employees.
Internet of Things
- The majority of healthcare organizations are victims of or vulnerable to MEDJACK, a tactic cybercriminals use to infiltrate healthcare networks undetected.
- Hospira drug pumps are vulnerable to criminal hacks, allowing criminals to administer deadly doses to patients. Researchers discovered that the vulnerability extends to several of the manufacturer’s pump models.
Cybercrime
- Attackers use fake password recovery emails to dupe Gmail, Outlook, and Yahoo mail users, attempting to steal credit card credentials.
- Scammers hook Bonnier Publications, publisher of the magazine Popular Science, with phishing emails, reeling in $1.5 million.
Research & Studies
- A recent study shows that over 75% of vulnerabilities within an organization’s network are more than two years old.
- Organizations take their time—on average 176 days—to remediate vulnerabilities after a data breach, according to a new study.
- Websense Security Labs found that cyber criminals target financial services four times more than any other industry.
- Unsecured IoT devices not only pose a threat to individual users but also to enterprises, according to a report by OpenDNS.
- 62% of respondents in a recent survey say insider threats have risen, but the security budgets meant to meet those threats have not increased.