Here is our latest news roundup of articles about network and SSL security. Click here to see the whole series.
SSL & Encryption News
- Security researchers discovered an encryption flaw similar to the FREAK vulnerability. The flaw, dubbed Logjam, allows attackers to downgrade connections to 512-bit cryptography, making a man-in-the-middle attack possible.
- Mozilla announced that upcoming versions of Firefox will not be trusting HTTP connections. (The announcement was made April 30.)
Data Security
- Because of the rise in identity theft through hacking, the IRS has established a new unit dedicated to tracking down cybercriminals.
- Legislation has been proposed in recent months that would allow companies to choose whether or not to alert customers of a data breach.
Vulnerabilities
- CrowdStrike researchers announced the newly discovered VENOM vulnerability, but some say it is not the threat it was made out to be.
- The BACKRONYM vulnerability in MySQL downgrades SSL connections, enabling attackers to snoop on communications.
Malware
- The self-destructing virus Rombertik sounds worse than it is, according to researchers.
- Mumblehard, the new Linux malware, features backdoor and spamming components.
- A new strain of the Dyre banking Trojan circumvents security measures, causing more than $1 million in financial losses.
Data Breaches
- Cybercriminals hacked Adult FriendFinder, one of the largest dating sites, gaining access to 3.9 million accounts.
- Healthcare insurance provider CareFirst BlueCross BlueShield has fallen victim to another data breach, affecting 1.1 million members.
- Partners HealthCare announced that they may have suffered a data breach caused by employees responding to phishing emails.
- Ryanair, an Irish low-cost airline, suffered a major financial breach resulting in a loss of more than $5 million.
- Penn State University notified 18,500 individuals that their sensitive information may have been accessed by two threat actors.
Internet of Things
- Security researchers recently remotely hacked a robotic remote surgeon.
- Hospira’s Lifecare PCA3 Drug Infusion pumps are full of vulnerabilities.
Research & Studies
- New research from Juniper estimates the global cost of data breaches to be in the trillions by 2019.
- The cause of healthcare data breaches is shifting from device theft to criminal attacks, according to a new study by the Ponemon Institute.
- Mobile malware threats are increasing, according to Kaspersky Lab's Q1 2015 report.
- This month, Akamai released its Q1 2015 State of the Internet Security Report.
Events
If you missed Microsoft Ignite 2015, you can catch up here.