Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Microsoft is reconsidering when it will deprecate support for SHA-1 certificates due to research about increasing risks associated with using this hash. This blog post discusses deprecating the algorithm as early as June 2016.
- Google announced it is planning to deprecate DHE cipher suites to encourage sites to move over to ECDHE-based cipher suites.
- Early this month, Mozilla released Firefox 42. It comes with updated security indicators Mozilla designed to better convey a site’s security status for users.
- Google updated Safe Browsing technology to include red warnings for sites that could contain social engineering content.
Data Breaches
- Comcast reset 200,000 passwords following a breach that compromised customers’ email addresses and passwords.
Vulnerabilities
- Dell shipped two laptops with a digital certificate that uses the same private key, making it possible for anyone to sign an SSL certificate and impersonate any HTTPS site.
- A security researcher wrote ransomware for Mac to show that Apple operating systems are as vulnerable as other operating systems. He sent the proof of concept to Apple and Symantec.
Malware
- Malwarebytes researchers discovered a malware campaign that redirected users to casino websites meant to distract users while the malware infected their computers.
- Ransomware creators used a new malware named Chimera to encrypt local files and then threatened to release the files to the internet if they were not paid a ransom.
Cybercrime
- After their servers went down because of a DDoS attack, ProtonMail received a ransom demand for 15 bitcoins, which they paid.
- Akamai researchers observed a multi-layered spamming botnet they named “Torte” or Cake. The botnet, made up of more than 80,000 compromised systems, targets major server operating systems.
Data Security
- Because of the Adobe Flash bug, a security researcher is working on a new method to mitigate the exploitation of bugs by attackers.
- The U.S. Government published a privacy policy for federal agencies to use in managing personally identifiable information.
Mobile
- A security researcher discovered a bug in the Gmail Android app. The bug allows phishing emails to slip past Google’s phishing protection.
Research & Studies
- Gartner estimates that the number of IoT devices will reach almost 6.4 billion by 2016 and will increase to 20.8 billion by 2020.
- A survey of 200 cybersecurity professionals revealed that 60% of management in organizations are not informed about cyberthreats.
- A survey reports that privileged account management is unreliable in most organizations.
- Endpoint security is weak or nonexistent in almost half of federal agencies, according to a new study.
- A new study shows that only eight out of fifty U.S. states are decently prepared to battle cyberthreats.