Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Because of recent attacks on SHA-1, Mozilla explained in a recent blog post that it is considering deprecating SHA-1 six months earlier than scheduled.
- The cost of the resources necessary to break the SHA-1 hashing algorithm has decreased to $75,000, making it financially possible for cybercriminals to break it.
- In an attempt to incentivize websites to move from HTTP to HTTPS, Google got rid of the yellow triangle warning in Chrome 46.
- Researchers state that 1024-bit encryption is no longer enough. They suggest either 2048-bit encryption or elliptic curve cryptography as better options for staying secure.
Data Breaches
- Cybercriminals breached Experian’s servers and accessed sensitive information for 15 million T-Mobile customers.
- Dow Jones & Co. suffered a data breach affecting 3,500 of its subscribers. However, the Dow Jones & Co. CEO has assured subscribers that as of yet there is no evidence that any data was stolen.
- Law enforcement notified Scottrade that hackers had breached their system between 2013 and 2014. The breach affects 4.6 million customers.
- Malware infected the Trump Hotel Collection payment system, the company confirmed. Trump Hotel Collection assured guests that no information had been stolen.
Vulnerabilities
- Tavis Ormandy, a Google researcher, alerted Kaspersky to several zero-day vulnerabilities in their anti-virus software. Kaspersky was quick to release patches for the vulnerabilities.
- A security expert discovered a vulnerability being exploited in the wild in nine Netgear models.
Malware
- Dangerous new malware poses as Google Chrome, functioning the same as the real Chrome except for a few malicious, hidden capabilities.
- Heimdal Security observed a malware campaign that uses blackhat SEO techniques to boost visits to webpages containing malicious code.
- An advertising network battles malvertising campaigns with an in-depth vetting process to ensure ad space is given to legitimate companies rather than malvertisers.
Healthcare
- At the beginning of October, the Department of Health and Human Services published a 10-year roadmap specifying how medical information should be shared between healthcare providers, insurance companies, and patients.
- Accenture released a study on the estimated billions U.S. health systems will spend over the next five years because of cybercrime.
- Regardless of healthcare data breaches, non-technical healthcare employees still don’t take cybersecurity seriously.
Mobile
- An Android vulnerability allows hackers to trick users into visiting spoofed web pages.
Research & Studies
- A survey of cybersecurity professionals shows that time is a major challenge in minimizing the damage of a data breach.
- Mobile threats are more of a factor in data breaches than previously thought, a new study indicates.
- A study found that one in four organizations has been hit with an APT. The same study illustrates that social engineering was one of the methods cybercriminals used most often to gain entry to an organization’s network.
- The average cost of cybercrime has risen to $7.7 million in 2015.
- Cybercrime costs the average business $15 million each year, which is 20% more than last year.