
Breaches 01-29-2016

This Month in SSL: January 2016


Here is our latest news roundup of articles about network and SSL security.

SSL & Encryption

  •   users experienced some hiccups when Mozilla decided that the browser should reject all SHA-1 certificates starting January 1. Security scanners and antivirus products failed to connect to HTTPS sites when the change was implemented. Mozilla ended up . Google, on the other hand, anticipated the implications of deprecating all SHA-1 certificates for security scanners and antivirus software, and they will .

Data Breaches

  • Cyber criminals hit with a POS attack, compromising guest credit cards in 250 hotels and 50 nations.
  • Recently a hacker compromised the account of security researcher Brian Krebs twice in the same day. The hacker was attempting to send money to a deceased ISIS hacker.
  • After suffering repeated DDoS attacks and then a suspected data breach, New Jersey-based company .

Vulnerabilities

  • released an update for a vulnerability that could leak cryptographic keys.
  • A flaw in could affect tens of millions of servers and Android devices. If exploited, the flaw could grant any unauthorized user root access to servers or devices.
  • warned users in an advisory statement that they found a vulnerability in their chat client Jabber. An attacker could exploit the vulnerability by performing a TLS downgrade attack and then a man-in-the-middle attack.
  • In a controversial move, recently posted a list of popular industrial products that ship with default passwords. Their hope was to motivate vendors to build products with better security in mind.

Cybercrime

  • Hackers attacked leaving hundreds of thousands without power. revealed that the hackers used several attack techniques, including malware injection and a telephone denial-of-service attack.
  • A may prove to be the largest attack in history. The group who launched the attack said it reached 602 Gbps, which is almost double that of the largest attack observed.
  • A researcher discovered a way to that are indistinguishable from legitimate notifications. The fraudulent notification leads to an unsecure website where an attacker could capture a user’s login credentials.
  • impersonating technical support are targeting Dell customers. The scams are difficult to detect because the scammers obtained sensitive consumer information only Dell workers would have access to.

Research & Studies

  • reveals that 64% of senior IT executives feel that adhering to compliance requirements is more than enough to secure their organization.
  • estimates that fraudulent web traffic could cost advertisement firms $7.2 billion this year.
  • Although companies are spending on average over , almost 30% of phishing emails still make it through the nets.
  • Stolen healthcare records are not a problem just for the health sector. A shows that the problem extends to all sectors.
  • Nearly share personal information with everyone on social media and not just friends, compromising themselves and their employers.