Internet of Things 03-25-2016

This Month in SSL: March 2016

Mark Santamaria

Here is our latest news roundup of articles about network and SSL security.

SSL & Encryption

  • Security researchers have discovered a flaw dubbed the that allows an attacker to decrypt traffic from secure servers supporting SSLv2, which is obsolete. Soon after researchers announced the vulnerability, released a patch to fix it.

Data Security in General

  • The ran from February 29th to March 4th. Click the link for highlights of the conference.
  • In an effort to discover the vulnerabilities in their websites, the issued a public invitation for hackers to participate in their “Hack the Pentagon” program.

Data Breaches

  • revealed in a press release that a laptop containing PII for over 200 thousand patients was stolen.
  • , a DDoS mitigation service provider, suffered a data breach and received advice from the hackers on how to better secure their network.
  • an outdoor equipment retailer, suffered a data breach affecting 250 thousand of their customers.

Vulnerabilities

  • patched almost 40 vulnerabilities in Windows, IE, and Edge, some of which allowed remote code execution.
  • released more updates for Flash Player that addressed 18 critical vulnerabilities.
  • Security researchers found that a security patch that was thought to have fixed a vulnerability in 30 months ago is still vulnerable to exploit.

Malware

  • is a new ransomware, and although it is only a few weeks old, it has quickly become one of the most used types of ransomware.
  • A targeted users visiting major news and entertainment sites such as The New York Times, the BBC, MSN, AOL and others.
  • A previous version of contained a flaw that allowed victims to recover their encrypted files without having to pay a ransom. Unfortunately, the malware writers have fixed that flaw, and there is no way to recover files without paying a ransom.
  • Hackers targeted online gaming platform, stealing gamers’ credentials and gaming items, which they in turn sell on the black market.

Cybercrime

  • Phishers sent emails that appeared to come from , a department of the Russian Central Bank that is tasked with dealing with cyberattacks, to dozens of Russian banks in a well-executed and planned phishing attack.
  • Researchers observed attackers using business email compromise, a type of phishing attack, to gain a foothold and then infect compromised computers with a .
  • As Tax Day approaches, the IRS expects cyber criminals to target taxpayers using phishing emails. They estimate that .

IoT

  • A hacker revealed at RSA how he is able to because of their lack of encryption.
  • This month the , stating that they now regard remote hacking and hijacking a vehicle as a very real threat the public faces.

Research & Studies

  • In a , explains the reasons behind the do’s and don’ts of cybersecurity practices.
  • released their 2015 Q4 State of the Internet Security Report. The report covers the changes attackers have implemented in executing DDoS attacks.
  • is now the preferred attack method cybercriminals use, according to a new study by Trend Micro.
  • A new study discusses malware and the difficulty IT experts have in mitigating malware attacks.
  • According to another study, found that healthcare organizations suffer one cyberattack each month on average.
  • A survey revealed that 55% of UK consumers are okay with sharing their passwords with others.
  • Another on passwords shows how important it is to include case sensitivity in password policies.