Here is our latest news roundup of articles about network and SSL security.
SSL & Encryption
- Security researchers have discovered a flaw dubbed the that allows an attacker to decrypt traffic from secure servers supporting SSLv2, which is obsolete. Soon after researchers announced the vulnerability, released a patch to fix it.
Data Security in General
- The ran from February 29th to March 4th. Click the link for highlights of the conference.
- In an effort to discover the vulnerabilities in their websites, the issued a public invitation for hackers to participate in their “Hack the Pentagon” program.
Data Breaches
- revealed in a press release that a laptop containing PII for over 200 thousand patients was stolen.
- , a DDoS mitigation service provider, suffered a data breach and received advice from the hackers on how to better secure their network.
- an outdoor equipment retailer, suffered a data breach affecting 250 thousand of their customers.
Vulnerabilities
- patched almost 40 vulnerabilities in Windows, IE, and Edge, some of which allowed remote code execution.
- released more updates for Flash Player that addressed 18 critical vulnerabilities.
- Security researchers found that a security patch that was thought to have fixed a vulnerability in 30 months ago is still vulnerable to exploit.
Malware
- is a new ransomware, and although it is only a few weeks old, it has quickly become one of the most used types of ransomware.
- A targeted users visiting major news and entertainment sites such as The New York Times, the BBC, MSN, AOL and others.
- A previous version of contained a flaw that allowed victims to recover their encrypted files without having to pay a ransom. Unfortunately, the malware writers have fixed that flaw, and there is no way to recover files without paying a ransom.
- Hackers targeted online gaming platform, stealing gamers’ credentials and gaming items that they in turn sell on the black market.
Cybercrime
- Phishers sent emails that appeared to come from , a department of the Russian Central Bank that is tasked with dealing with cyberattacks, to dozens of Russian banks in a well-executed and planned phishing attack.
- Researchers observed attackers using business email compromise, a type of phishing attack, to gain a foothold and then infect compromised computers with a .
- As Tax Day approaches, the IRS expects cyber criminals to target taxpayers using phishing emails. They estimate that .
IoT
- A hacker revealed at RSA how he is able to because of their lack of encryption.
- This month the , stating that they now regard remote hacking and hijacking a vehicle as a very real threat the public faces.
Research & Studies
- In a , explains the reasons behind the do’s and don’ts of cybersecurity practices.
- released their 2015 Q4 State of the Internet Security Report. The report covers the changes attackers have implemented in executing DDoS attacks.
- is now the preferred attack method cybercriminals use, according to a new study by Trend Micro.
- A new study discusses malware and the difficulty IT experts have in mitigating malware attacks.
- According to another study, found that healthcare organizations suffer one cyberattack each month on average.
- A survey revealed that 55% of UK consumers are okay with sharing their passwords with others.
- Another on passwords shows how important it is to include case sensitivity in password policies.