Data Security 07-29-2016

This Month in SSL: July 2016

Mark Santamaria

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

Data Security

  • Mozilla Firefox announced that they plan to deprecate Flash from its browser in the next few months, which is sooner than what they previously planned.
  • Some Pokemon Go related apps can steal contact lists, photos, and login credentials.

Data Breaches

  • A data breach at the Massachusetts General Hospital exposed PII of 4,300 patients.
  • Ubuntu Forum experienced a data breach, exposing usernames, email addresses, and IP addresses for 2 million users.
  • Hackers stole account details for 1.6 million Clash of Kings forum members.
  • Datadog notified users and admins that they suffered a data breach. They urged users and admins to change login credentials.

Vulnerabilities

  • Adobe’s latest batch of bundles fixed 52 vulnerabilities that allowed remote code execution.
  • Oracle patched 276 flaws in over 80 of their products in what is the largest bundle of patches for the company to date.
  • Dell patched several vulnerabilities in their central management system.
  • Bugs in SAP HANA and SAP Trex could give an attacker access to sensitive business information.
  • Juno fixed vulnerabilities in their operating system, one of which could grant an attacker administrative access to devices.
  • Cisco patched the remote execute command vulnerability in its Unified Computing System.
  • Apple fixed a newly discovered remote execution flaw in their products.
  • A D-Link vulnerability affected more than 400,000 devices.
  • A 20-year-old bug in printers could lead to malware installation.

Malware

  • AVG created six free decrypting tools to help combat increasing ransomware attacks.
  • It doesn’t matter if Ranscam victims pay the ransom, this new ransomware deletes encrypted files regardless.
  • Satana ransomware not only encrypts files, but also encrypts the master boot record so devices are unable to load the OS.
  • One Android Trojan steals financial login data and keeps victim from contacting their bank.
  • Keydnap malware targets security researchers using Mac.
  • Security researchers discovered a stealthy malware that targets energy companies.

Cybercrime

  • A group of hackers targeted Pokemon Go servers to find exact location of pokemon.
  • After being shut down in June, xDedic, a site that offers access to compromised servers, is now back online.
  • Akamai noted that recent DDoS attacks could mean criminals will attack with increasingly longer campaigns.

IoT

Healthcare

  • New guidance from the U.S. Department of Human Services addresses the growing threat ransomware poses for healthcare organizations.

Research & Studies

  • Over half of organizations fail to secure privileged accounts.
  • The Black Hat Attendee Survey found that 72% of respondents feel they will experience a major data breach within a year.
  • Over half of small to medium-sized businesses were victims of a data breach in the last year, according to a Ponemon Institute study.
  • An Imperva report revealed that 29% of web traffic is from malicious bots.
  • Payment card fraud is on the rise. One study showed one in three consumers is victimized worldwide.

Events

  • Black Hat USA is returning for its 19th year in Las Vegas. The cybersecurity conference will begin July 30th and go to August 2nd.
UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

Why certificate automation is an absolute must

11-15-2024

4 steps to secure the IIoT device lifecycle