DigiCert Blog

This Month in SSL: July 2016

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

Data Security

  • Mozilla Firefox announced that they plan to deprecate Flash from its browser in the next few months, which is sooner than what they previously planned.
  • Some Pokemon Go related apps can steal contact lists, photos, and login credentials.

Data Breaches

  • A data breach at the Massachusetts General Hospital exposed PII of 4,300 patients.
  • Ubuntu Forum experienced a data breach, exposing usernames, email addresses, and IP addresses for 2 million users.
  • Hackers stole account details for 1.6 million Clash of Kings forum members.
  • Datadog notified users and admins that they suffered a data breach. They urged users and admins to change login credentials.

Vulnerabilities

  • Adobe’s latest batch of bundles fixed 52 vulnerabilities that allowed remote code execution.
  • Oracle patched 276 flaws in over 80 of their products in what is the largest bundle of patches for the company to date.
  • Dell patched several vulnerabilities in their central management system.
  • Bugs in SAP HANA and SAP Trex could give an attacker access to sensitive business information.
  • Juno fixed vulnerabilities in their operating system, one of which could grant an attacker administrative access to devices.
  • Cisco patched the remote execute command vulnerability in its Unified Computing System.
  • Apple fixed a newly discovered remote execution flaw in their products.
  • A D-Link vulnerability affected more than 400,000 devices.
  • A 20-year-old bug in printers could lead to malware installation.

Malware

  • AVG created six free decrypting tools to help combat increasing ransomware attacks.
  • It doesn’t matter if Ranscam victims pay the ransom, this new ransomware deletes encrypted files regardless.
  • Satana ransomware not only encrypts files, but also encrypts the master boot record so devices are unable to load the OS.
  • One Android Trojan steals financial login data and keeps victim from contacting their bank.
  • Keydnap malware targets security researchers using Mac.
  • Security researchers discovered a stealthy malware that targets energy companies.

Cybercrime

  • A group of hackers targeted Pokemon Go servers to find exact location of pokemon.
  • After being shut down in June, xDedic, a site that offers access to compromised servers, is now back online.
  • Akamai noted that recent DDoS attacks could mean criminals will attack with increasingly longer campaigns.

IoT

Healthcare

  • New guidance from the U.S. Department of Human Services addresses the growing threat ransomware poses for healthcare organizations.

Research & Studies

  • Over half of organizations fail to secure privileged accounts.
  • The Black Hat Attendee Survey found that 72% of respondents feel they will experience a major data breach within a year.
  • Over half of small to medium-sized businesses were victims of a data breach in the last year, according to a Ponemon Institute study.
  • An Imperva report revealed that 29% of web traffic is from malicious bots.
  • Payment card fraud is on the rise. One study showed one in three consumers is victimized worldwide.

Events

  • Black Hat USA is returning for its 19th year in Las Vegas. The cybersecurity conference will begin July 30th and go to August 2nd.
Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn1

About Mark Santamaria

Mark is a Content Writer at DigiCert where he focuses on introductory topics for data security. He also does a monthly SSL in the news recap. His interests include penetration testing, social engineering, and data threat prevention.