DigiCert Blog

This Month in SSL: November 2015

Digital Security News

Here is our latest news roundup of articles about network and SSL security. (Click here to see the whole series.)

SSL & Encryption News

  • Microsoft is reconsidering when they will deprecate support for SHA-1 Certificates due to research about increasing risks associated with using this hash. This blog post discusses deprecating the algorithm as early as June 2016.
  • Google announced it is planning to deprecate DHE cipher suites to encourage sites move over to ECDHE-based cipher suites.
  • Early this month, Mozilla released Firefox 42. It comes with updated security indicators Mozilla designed to better convey a site’s security status for users.
  • Google updated Safe Browsing technology to include red warnings for sites that could contain social engineering content.

Data Breaches

Vulnerabilities

  • Dell shipped two laptops with a digital certificate that uses the same private key, making it possible for anyone to sign a SSL Certificate and impersonate any HTTPS site.
  • Security researcher writes ransomware for Mac to show that Apple operating systems are as vulnerable as other operating systems. He sent the proof of concept to Apple and Symantec.

Malware

  • Malwarebytes researchers discovered a malware campaign that redirected users to casino websites meant to distract users while the malware infected their computers.
  • Ransomware creators used a new malware named Chimera to encrypt local files and then threatened to release files to the internet if they are not paid a ransom.

Cybercrime

  • After their servers went down because of a DDoS attack, ProtonMail received a ransom demand for 15 bitcoins, which they paid.
  • Akamai researchers observed a multi-layered spamming botnet they named “Torte” or Cake. The botnet, made up of more than 80,000 compromised systems, targets major server operating systems.

Data Security

  • Because of the Adobe Flash bug, a security researcher is working on building a new method to mitigate attackers exploiting bugs.
  • The U.S. Government published a privacy policy for federal agencies to use in managing personal identifiable information.

Mobile

  • A security researcher discovered a bug in the Gmail Android app. The bug allows phishing emails to slip past Google’s phishing protection.

Research & Studies

  • Gartner estimates that by 2016 IoT devices will reach almost 6.4 billion. By 2020 they estimate IoT devices will increase to 20.8 billion.
  • A survey of 200 cybersecurity professionals revealed that 60% of management in organizations are not informed about cyberthreats.
  • A survey reports that privileged account management is unreliable in most organizations.
  • Endpoint security is weak or nonexistent in almost half of federal agencies, according to a new study.
  • A new study shows that only eight out of fifty U.S. states are decently prepared to battle cyberthreats.
Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

About Mark Santamaria

Mark is a Content Writer at DigiCert where he focuses on introductory topics for data security. He also does a monthly SSL in the news recap. His interests include penetration testing, social engineering, and data threat prevention.