Here is our latest news roundup of articles about network and SSL security. Click here to see the whole series.

SSL & Encryption News

• New CA/B Forum Baseline Requirements make it so Certificate Authorities can only issue certificates with validity periods up to 39 months starting on April 1.
• The final touches are being put on HTTP/2, and we should see it in browsers within weeks.
• It’s no secret that users blatantly ignore browser warnings, so is an effort to help users Google has redesigned its SSL warnings in Chrome.
• In mid-February, Microsoft announced that Internet Explorer will support HSTS in the Windows 10 Technical Preview.

Data Security

• Earlier this month, Google decided to relax their rigid 90-day vulnerability disclosure period.

Data Breaches

• The healthcare provider Anthem was breached, affecting 80 million customers and employees.
• Gemalto, the largest manufacturer of SIM cards, investigates the data breach that resulted in encryption keys being stolen and the compromise of mobile communications in 450 wireless providers worldwide.
• The hackers who attacked Target and Home Depot have now targeted Book2Park.com, which is an online parking reservation service for airports.
• After a recent data breach, the gaming social network Raptr asked users to change their passwords.
• An insider threat made the theft of $700,000 Apple gift cards possible.
• Senior Health Partners suffers a data breach due to the theft of a laptop and smartphone with records of 2,700 members.

Vulnerabilities

• One of the recent Adobe Flash Player vulnerabilities becomes a backdoor for ransomware out of Russia.
• A new cross-site scripting vulnerability was found in Internet Explorer that allows attackers to steal user credentials.

Malware

• Data security best practices were ignored when Lenovo shipped laptops with Superfish adware that broke HTTPS connections and left users vulnerable to man-in-the-middle attacks.
• Comodo's advertising software PrivDog exposes users to potential man-in-the-middle attacks.
• An Israeli company called Komodia was found to be behind several Trojans as well as SSL-hijacking software.
• Dyreza, a banking Trojan disguised as a fax message, infects thousands of users, stealing their sensitive financial information.

Internet of Things

• With the recent demo of a hacker hijacking a car in minutes, it’s no wonder that automakers would avoid talking about cyber security. But Massachusetts Senator Edward Markey is looking for answers, and reveals some disturbing things.
• Samsung smart television voice recognition features may be capturing personal information.

Reports & White Papers

• A study conducted by the Ponemon Institute exposes the effectiveness of visual hacking.
• Out of 1 million apps that were analyzed in the February 2015 Mobile Threat Report, many of the most malicious and risky apps came from U.S. publishers.
• According to a recent study, 58% of US businesses were targeted by a DDoS attack in 2014.
• A new study shows the percentage of malware that sneak past antivirus software, and the number is staggering.

Events

• Because of the data breaches in 2014, the US government is allocating money to its newly formed cybersecurity unit (and cyber security in general) and met at Stanford University for a cybersecurity summit this month.