DigiCert Blog

This Month in SSL: June 2016

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

Data Security

  • Microsoft takes a stand against weak passwords by banning common passwords and using smart password lockout in Microsoft Account System and private preview Azure AD.

Data Breaches

  • A hacker who goes by the name Guccifer 2.0 claims he or she hacked the Democratic National Committee, supposedly proving it by posting the stolen files online.
  • VerticalScope, a website acquisition and development company, suffered a data breach of over 45 million records affecting more than 1,100 websites.
  • Because of a flaw in their automated email system, Let’s Encrypt leaked 7,618 of their users’ email addresses.

Vulnerabilities

  • Researchers demonstrate how to hijack a Facebook account using the target victim’s phone number and a flaw in the SS7 network.
  • Adobe warns that a vulnerability is currently being exploited out in the wild. They believe that a cyberespionage group is using the bug to launch targeted attacks.
  • Microsoft released security updates for over forty vulnerabilities, six of which are considered critical.
  • A researcher discovered two vulnerabilities in two models of Netgear routers.
  • A software flaw in a Juniper’s JunOS router could result in a DDoS attack.
  • Google released patches for eight critical vulnerabilities and 28 high-severity vulnerabilities.
  • A flaw in Facebook’s Chat and Messenger app could allow an attacker the ability to view and modify chats, and distribute malware.
  • A zero-day exploit for Windows is selling for $90,000 on an underground market.
  • A white hat hacker informs the Better Business Bureau of a flaw in their website that could have led to a data breach.

Malware

  • Malware developers incorporate old and new techniques to infect users’ devices with Zcrypt ransomware.
  • A new ransomware named Crysis is quietly stealing the spotlight from the prevalent Locky ransomware.
  • University of Calgary gives-in to ransom demands and pays $20,000 in order to decrypt their files.
  • A security researcher discovered ransomware that not only encrypts files, but also mocks researchers with messages contained inside the source code.
  • FastPOS malware steals and delivers credit card data in an instant, which differs from other POS malware that stores stolen data locally and delivers it later bit by bit.

Cybercrime

  • Cybercriminals sell compromised government servers for $6 on an online black market.
  • Cybercriminals targeted one company with a DDoS extortion attack. Instead of giving to demands, the company alerted their clients about the coming attack.

IoT

Research & Studies

  • FBI issues warning of the rise in BEC scams that have stolen over $3 billion from companies.
  • The average cost of data breaches has risen to over $4 million dollars, according to Ponemon Cost of Data Breach 2016 report.
  • A new study reveals that IT experts are not confident about their companies’ cyberincident response plans.
  • A study finds that one-third of organizations suffered a data breach in the past year.
  • Phishing emails that contain malware have increased 37% from December 2015 to March 2016.
  • Researchers found that half of the ads users click on in free live-streaming websites lead to malicious links.
Share on Facebook0Share on Google+1Tweet about this on TwitterShare on LinkedIn8

About Mark Santamaria

Mark is a Content Writer at DigiCert where he focuses on introductory topics for data security. He also does a monthly SSL in the news recap. His interests include penetration testing, social engineering, and data threat prevention.