Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption News
- Certificate Transparency saves the day by detecting unauthorized certificates and alerting Google to them.
- This month Google, Microsoft, and Mozilla officially announced that they will deprecate RC4 support in early 2016. Google and Microsoft have not specified a date when RC4 support would end. However, Mozilla stated they would end support on January 26, 2016, the release date of Firefox 44.
Data Breaches
- Mozilla announced that an attacker had obtained a privileged user’s password, granting the attacker access to Mozilla’s bug-tracker Bugzilla and sensitive information.
- More news about the Office of Personnel Management breach: Approximately 5.6 million sets of fingerprints were stolen.
Vulnerabilities
- Although organizations have known about the Heartbleed bug since April of last year, John Matherly, founder of the IoT search engine Shodan, discovered that 200,000 devices are still vulnerable to Heartbleed. Over a quarter of the vulnerable devices are in the U.S.
- The Department of Homeland Security recently underwent a cybersecurity audit, which found that the department is still vulnerable to attacks and lacks proper cybersecurity training for its employees. DHS has acknowledged the issue and has announced they will remedy these problems by November 30, 2015.
Malware
- Apple removed 40 infected apps from the iTunes App Store.
- Hackers use Google Search Console to increase chances of infecting users with malware on compromised sites.
- Malware-infected game sneaks into Google Play store twice, potentially affecting over a million users.
- Malwarebytes researchers discovered a malvertising campaign that ran undetected for three weeks. Malvertising campaigns are usually shut down within days of discovery.
- Malware infects WordPress sites through vulnerable plugins. Compromised sites redirect users to an unsecure landing page.
- Former AT&T employees sell phone unlocking codes, affecting hundreds of thousands of phones.
Research & Studies
- Employees were found to be the cause of data loss in 43% of cases.
- Employees put organizations at risk of data breaches by knowingly downloading suspicious or unsecure apps.
- A recent study by KPMG found that over 80% of hospitals and health insurance companies have been breached in the past two years.
- This study names the five “most hackable” cars. Did yours make the list?
- The average amount an enterprise spends to recover from a data breach is over $550,000, according to Kaspersky Labs.
- PandaLabs recorded a 43% increase (compared to 2014) in new malware samples detected daily over a three-month period.
- The McAfee Threat Labs Report shows that ransomware rose by 58% in Q2.