This Month in SSL: June 2016

June 24, 2016 Mark Santamaria

Here is our latest news roundup of articles about network and SSL security.

Data Security

  • Microsoft takes a stand against weak passwords by banning common passwords and using smart password lockout in the Microsoft Account system and the Azure AD private preview.

Data Breaches

  • A hacker who goes by the name Guccifer 2.0 claims he or she hacked the Democratic National Committee, supposedly proving it by posting the stolen files online.
  • VerticalScope, a website acquisition and development company, suffered a data breach of over 45 million records affecting more than 1,100 websites.
  • Because of a flaw in their automated email system, Let’s Encrypt leaked 7,618 of their users’ email addresses.

Vulnerabilities

  • Researchers demonstrate how to hijack a Facebook account using the target victim’s phone number and a flaw in the SS7 network.
  • Adobe warns that a vulnerability is currently being exploited out in the wild. They believe that a cyberespionage group is using the bug to launch targeted attacks.
  • Microsoft released security updates for over forty vulnerabilities, six of which are considered critical.
  • A researcher discovered two vulnerabilities in two models of Netgear routers.
  • A software flaw in Juniper's JunOS routers could result in a DDoS attack.
  • Google released patches for eight critical vulnerabilities and 28 high-severity vulnerabilities.
  • A flaw in Facebook's Chat and Messenger app could allow an attacker to view and modify chats and to distribute malware.
  • A zero-day exploit for Windows is selling for $90,000 on an underground market.
  • A white hat hacker informs the Better Business Bureau of a flaw in their website that could have led to a data breach.

Malware

  • Malware developers incorporate old and new techniques to infect users’ devices with Zcrypt ransomware.
  • A new ransomware named Crysis is quietly stealing the spotlight from the prevalent Locky ransomware.
  • The University of Calgary gives in to ransom demands and pays $20,000 in order to decrypt its files.
  • A security researcher discovered ransomware that not only encrypts files, but also mocks researchers with messages contained inside the source code.
  • FastPOS malware steals and delivers credit card data in an instant, which differs from other POS malware that stores stolen data locally and delivers it later bit by bit.

Cybercrime

  • Cybercriminals sell compromised government servers for $6 on an online black market.
  • Cybercriminals targeted one company with a DDoS extortion attack. Instead of giving in to the demands, the company alerted its clients about the coming attack.

IoT

Research & Studies

  • The FBI issues a warning about the rise in BEC (business email compromise) scams, which have stolen over $3 billion from companies.
  • The average cost of a data breach has risen to over $4 million, according to the Ponemon Cost of Data Breach 2016 report.
  • A new study reveals that IT experts are not confident about their companies’ cyberincident response plans.
  • A study finds that one-third of organizations suffered a data breach in the past year.
  • Phishing emails that contain malware have increased 37% from December 2015 to March 2016.
  • Researchers found that half of the ads users click on in free live-streaming websites lead to malicious links.
