Breaches 01-29-2016

This Month in SSL: January 2016

Here is our latest news roundup of articles about network and SSL security. ( to see the whole series.)

SSL & Encryption

  • users experienced some hiccups when Mozilla decided that the browser should reject all SHA-1 certificates starting January 1. Security scanners and antivirus products failed to connect to HTTPS sites when the change was implemented. Mozilla ended up . Google, on the other hand, anticipated the implications of deprecating all SHA-1 certificates for security scanners and antivirus software, and they will .

Data Breaches

  • Cyber criminals hit with a POS attack, compromising guest credit cards in 250 hotels and 50 nations.
  • Recently a hacker compromised the account of security researcher Brian Krebs twice in the same day. The hacker was attempting to send money to a deceased ISIS hacker.
  • After suffering repeated DDoS attacks and then a suspected data breach, New Jersey-based company .

Vulnerabilities

  • released an update for a vulnerability that could leak cryptographic keys.
  • A flaw in could affect tens of millions of servers and Android devices. If exploited, the flaw could grant any unauthorized user root access to servers or devices.
  • warned users in an advisory statement that they found a vulnerability in their chat client Jabber. An attacker could exploit the vulnerability by performing a TLS downgrade attack and then a man-in-the-middle attack.
  • In a controversial move, recently posted a list of popular industrial products that ship with default passwords. Their hope was to motivate vendors to build products with better security in mind.

Cybercrime

  • Hackers attacked leaving hundreds of thousands without power. revealed that the hackers used several attack techniques, including malware injection and a telephone denial-of-service attack.
  • A may prove to be the largest attack in history. The group who launched the attack said it reached 602 Gbps, which is almost double that of the largest attack observed.
  • A researcher discovered a way to that are indistinguishable from legitimate notifications. The fraudulent notification leads to an unsecure website where an attacker could capture a user’s login credentials.
  • impersonating technical support are targeting Dell customers. The scams are difficult to detect because the scammers obtained sensitive consumer information only Dell workers would have access to.

Research & Studies

  • reveals that 64% of senior IT executives feel that adhering to compliance requirements is more than enough to secure their organization.
  • estimates that fraudulent web traffic could cost advertisement firms $7.2 billion this year.
  • Although companies are spending on average over , almost 30% of phishing emails still make it through the nets.
  • Stolen healthcare records are not a problem just for the health sector. A shows that the problem extends to all sectors.
  • Nearly share personal information with everyone on social media and not just friends, compromising themselves and their employers.