Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

SSL & Encryption

• Microsoft announced they will deprecate SHA-1 within the next four months.
• OpenSSL released versions 1.0.2h and 1.0.1t, which fixed one high-severity flaw and four low-severity flaws.
• Google takes another step towards pushing a HTTPS-everywhere web by offering HTTPS support for blogspot domain blogs.

Data Breaches

• Kiddicare experienced a data breach that exposed sensitive information for 794,000 of their customers.
• Kroger announced that the Equifax W-2Express breach may have exposed former and current employees’ information, including SSN and birth dates.
• In the past few months seven former employees of the Federal Deposit Insurance Corporation left with thumb drives containing personal banking information for 160,000 U.S. residents.
• An InvestBank in the United Arabs Emirates leaked tens of thousands of records online.
• Russian email service exposed 272 million usernames and passwords in a data breach.
• A flaw in the pwnedlist.com service a website that alerts companies when their users’ email passwords and usernames have been compromised caused a breach, exposing 866 million accounts.

Vulnerabilities

• Microsoft released patches for 51 vulnerabilities affecting some of their products, including Windows, IE, Microsoft Edge, and Office.
• A recently discovered flaw in several Symantec antivirus programs allow a hacker the ability to compromise computers.
• Attackers exploit Image Tragick vulnerability in the image processing software.
• GitLab patches vulnerabilities that allowed users to log in as admins.

Malware

• Security researchers found that two banks recently targeted in malware attacks have connections to the 2014 Sony Pictures hack.
• A click-fraud botnet which can reconfigure browser settings infected 900,000 computers worldwide.
• US House of Representatives warned about the rise of phishing emails and ransomware attacks.
• Maisto, a toy company, conducted maintenance after researchers found the site was serving up ransomware.

Cybercrime

• Scammers successfully phish 2015 W-2 records compromising thousands of taxpayers’ records.
• Cybercriminals hack ADP payroll portal and steal 64,000 employee salary data.
• Hacktivist group Anonymous attacks banks across the globe with DDoS attacks.
• Attackers posing as a company executive successfully trick an investment firm to transfer $495,000 to a bank in China.
• Malwarebytes discovered a scamming site impersonating them and other cybersecurity companies. The scammers copied images and content to trick users into paying them for services.

IoT

• A flaw in Samsung’s Smart Home system allows an attacker the ability to make keys to the front door.
• John Deere takes their farm equipment into the world of IoT.

Research & Studies

• A new Ponemon Institute study revealed that almost 90% of healthcare organizations have suffered a data breach.
• Ransomware attacks increased by 14% from the previous quarter, according to a study by Kaspersky Labs.
• In their Q1 Spam and phishing report, Kaspersky observed over 22 million email antivirus detections, which is four times higher than last year.
• DoS attacks could cause organizations to lose over $100,000 per hour of downtime, says a recent study.
• Juniper Research predicts online transaction fraud will have cost organizations $25.6 billion by 2020.