Here is our latest news roundup of articles about network and SSL security. Click here to see the whole series.

SSL & Encryption News

• Early in July the OpenSSL Project announced they would be releasing a patch for a high severity vulnerability that allowed an attacker to impersonate a trusted server.
• Researchers found that a known attack technique used against RC4 cipher suite could also be used to break into WiFi networks.
• Both Google Chrome and Mozilla Firefox released updated versions of their browsers, fixing a number of vulnerabilities. Google released Chrome 44, and Mozilla released Firefox 39.

Data Breaches

• The Hacking Team suffered a data breach in early July. More than 400 GB of information was stolen.
• Lifelock, the ID theft protection firm, did not protect their network sufficiently, resulting in a data breach.
• Epic Games forum was hacked in mid-July. It is unknown what information was stolen, but users’ login credentials, emails addresses, and DOB were likely affected.
• Mandarin Oriental Hotel Group announced that 10 of its properties were affected by a recent data breach.
• A year ago JPMorgan Chase discovered a hack that compromised 83 million accounts. This year U.S. law enforcement arrested five individuals who are believed to be involved in the breach.

Internet of Things

• The first zero-day exploit is now available for cars. Security researchers Charlie Miller and Chris Valasek demonstrated the hack on a Jeep Cherokee.
• A recently discovered vulnerability could be more deadly than others affecting IoT. Two researchers discovered a vulnerability in a self-aiming rifle through the WiFi network.
• Researchers found vulnerabilities in three of the most popular Smart Home Hubs.

Cybercrime

• Scammers use cloaking technique and apply it to PDFs, slipping past Google filters.
• Cybercriminals exploit a vulnerability found in common routers that has been around for over 25 years.

Malware

• Malware sent via a text message could infect Android phones, even if users don’t open the text. 950 million Android mobile devices are affected.
• Andromeda botnet infects new point-of-sale systems with new malware called GamaPoS.
• Cowboy Adventure and Jump Chess, legitimate games on Google Play, contained functions to harvest Facebook login credentials.
• A recently discovered bug in OpenSSH software allows hackers the ability to submit thousands of password guesses in very little time.

Research & Studies

• An Acunetix report discovered that all the websites in their study have medium to high vulnerabilities.
• A recent study which analyzed a quarter million endpoint devices detected targeted intrusions in all 40 of the participating enterprises.