Malware 11-25-2015

This Month in SSL: November 2015

Mark Santamaria

Here is our latest news roundup of articles about network and SSL security. ( to see the whole series.)

SSL & Encryption News

  • Microsoft is reconsidering when they will deprecate support for SHA-1 Certificates due to research about increasing risks associated with using this hash. This discusses deprecating the algorithm as early as June 2016.
  • it is planning to deprecate DHE cipher suites to encourage sites move over to ECDHE-based cipher suites.
  • Early this month, . It comes with updated security indicators Mozilla designed to better convey a site’s security status for users.
  • Google updated technology to include for sites that could contain social engineering content.

Data Breaches

  • following a breach that compromised customers' email addresses and passwords.

Vulnerabilities

  • Dell shipped two laptops with a , making it possible for anyone to sign a SSL Certificate and impersonate any HTTPS site.
  • Security researcher writes to show that Apple operating systems are as vulnerable as other operating systems. He sent the proof of concept to Apple and Symantec.

Malware

  • discovered a malware campaign that redirected users to casino websites meant to distract users while the malware infected their computers.
  • Ransomware creators used a new malware named to encrypt local files and then threatened to release files to the internet if they are not paid a ransom.

Cybercrime

  • After their servers went down because of a DDoS attack, received a ransom demand for 15 bitcoins, which they paid.
  • observed a multi-layered spamming botnet they named “Torte” or Cake. The botnet, made up of more than 80,000 compromised systems, targets major server operating systems.

Data Security

  • Because of the , a security researcher is working on building a new method to mitigate attackers exploiting bugs.
  • The U.S. Government published a to use in managing personal identifiable information.

Mobile

  • A security researcher discovered a . The bug allowsphishing emails to slip past Google’s phishing protection.

Research & Studies

  • estimates that by 2016 IoT devices will reach almost 6.4 billion. By 2020 they estimate IoT deviceswill increase to 20.8 billion.
  • A of 200 cybersecurity professionals revealed that 60% of management in organizations are not informed about cyberthreats.
  • A survey reports that .
  • Endpoint security is weak or nonexistent in almost half of federal agencies, according to a new .
  • A shows that only eight out of fifty U.S. states are decently prepared to battle cyberthreats.
UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

12-04-2024

How artificial intelligence is reshaping digital trust

12-18-2024

Announcing the new open-source DCV library from

How to spot a fraudulent website