Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

SSL & Encryption News

• Microsoft is reconsidering when they will deprecate support for SHA-1 Certificates due to research about increasing risks associated with using this hash. This blog post discusses deprecating the algorithm as early as June 2016.
• Google announced it is planning to deprecate DHE cipher suites to encourage sites move over to ECDHE-based cipher suites.
• Early this month, Mozilla released Firefox 42. It comes with updated security indicators Mozilla designed to better convey a site’s security status for users.
• Google updated Safe Browsing technology to include red warnings for sites that could contain social engineering content.

Data Breaches

• Comcast reset 200,000 passwords following a breach that compromised customers' email addresses and passwords.

Vulnerabilities

• Dell shipped two laptops with a digital certificate that uses the same private key, making it possible for anyone to sign a SSL Certificate and impersonate any HTTPS site.
• Security researcher writes ransomware for Mac to show that Apple operating systems are as vulnerable as other operating systems. He sent the proof of concept to Apple and Symantec.

Malware

• Malwarebytes researchers discovered a malware campaign that redirected users to casino websites meant to distract users while the malware infected their computers.
• Ransomware creators used a new malware named Chimera to encrypt local files and then threatened to release files to the internet if they are not paid a ransom.

Cybercrime

• After their servers went down because of a DDoS attack, ProtonMail received a ransom demand for 15 bitcoins, which they paid.
• Akamai researchers observed a multi-layered spamming botnet they named “Torte” or Cake. The botnet, made up of more than 80,000 compromised systems, targets major server operating systems.

Data Security

• Because of the Adobe Flash bug, a security researcher is working on building a new method to mitigate attackers exploiting bugs.
• The U.S. Government published a privacy policy for federal agencies to use in managing personal identifiable information.

Mobile

• A security researcher discovered a bug in the Gmail Android app. The bug allows phishing emails to slip past Google’s phishing protection.

Research & Studies

• Gartner estimates that by 2016 IoT devices will reach almost 6.4 billion. By 2020 they estimate IoT devices will increase to 20.8 billion.
• A survey of 200 cybersecurity professionals revealed that 60% of management in organizations are not informed about cyberthreats.
• A survey reports that privileged account management is unreliable in most organizations.
• Endpoint security is weak or nonexistent in almost half of federal agencies, according to a new study.
• A new study shows that only eight out of fifty U.S. states are decently prepared to battle cyberthreats.