Why Hello There!
Another news week to wrap up. It was a bit slower than usual, but we still have some good stuff, so let’s get to it.
- The first story of the week brings news of another TLS vulnerability. This one is called “Logjam” and is similar to the “FREAK” vulnerability. This time, the weakness is in specific implementations of the Diffie-Hellman key exchange algorithm. Exploiting the vulnerability allows an attacker to read and alter data that should be secure. At the link, you can check whether your browser is vulnerable to this attack. It hasn’t been a good year for SSL/TLS…
- Read More @ https://blog.malwarebytes.org/security-threat/2015/05/the-logjam-attack-what-you-need-to-know/
- Last week we brought you a story about a Colorado-based security firm that found information indicating the “APT28” group was planning an attack on a number of banks. Well, according to research from Brian Krebs, that might have been incorrect. After some digging, Krebs discovered that the domain used to make the correlation to APT28 was actually most recently used by Nigerian spammers. Not quite the same level of threat, one would say.
- Read More @ http://krebsonsecurity.com/2015/05/security-firm-redefines-apt-african-phishing-threat/
- Next, some privacy news. It looks like Senator Rand Paul is trying to block the renewal of the PATRIOT Act through a filibuster. Hopefully this brings some attention to the topic, and the renewal of a clearly over-reaching and ineffective spying program can be stopped.
- Read More @ http://www.afterdawn.com/news/article.cfm/2015/05/20/rand-paul-trying-to-block-patriot-act-renewal
- Next, a team of researchers from Purdue University has released a paper outlining a new way to improve password security. The Ersatz scheme works by tying password security to a hardware security module, which means that to get at the real password data you would need access to the hardware security module on the authorized server. In addition, the scheme hands fake passwords to the attacker, which can serve as a canary indicating a potential attack.
- Read More @ https://threatpost.com/ersatz-scheme-deceives-hackers-protects-stored-passwords/112973
- Lastly, another health care related breach was discovered this week, this time affecting the information of about 1.1 million CareFirst BlueCross BlueShield customers. The breach was discovered fairly quickly, but it does show that health care is the big target for the year.
- Read More @ www.infosecurity-magazine.com/news/11-million-hack-carefirst-blue/
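
A simplified sketch of the idea in the Ersatz item above, added here as an example and not the Purdue team's code or exact construction: stored records crack to a decoy unless the HSM is available, and a login with the decoy raises an alarm. The HMAC key standing in for the hardware security module, the function names, the XOR-derived salt and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: stands in for a secret that never leaves the HSM.
HSM_KEY = os.urandom(32)
WIDTH = 32  # decoys are padded to the HMAC-SHA256 output length

def hdf(password: str) -> bytes:
    """Hardware-dependent function: computable only with HSM access."""
    return hmac.new(HSM_KEY, password.encode(), hashlib.sha256).digest()

def slow_hash(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(password: str) -> bytes:
    return password.encode().ljust(WIDTH, b"\0")

def enroll(real_pw: str, decoy_pw: str) -> dict:
    """Build the stored record; offline cracking of it yields decoy_pw."""
    decoy = pad(decoy_pw)
    if len(decoy) != WIDTH:
        raise ValueError("decoy password too long")
    salt = xor(hdf(real_pw), decoy)  # hides the HSM output behind the decoy
    return {"salt": salt, "hash": slow_hash(decoy, salt)}

def verify(record: dict, entered: str) -> str:
    salt, stored = record["salt"], record["hash"]
    # Real password: the HSM output XOR the salt recovers the padded decoy.
    if hmac.compare_digest(slow_hash(xor(hdf(entered), salt), salt), stored):
        return "ok"
    # Decoy typed directly: only someone who cracked a stolen file knows it.
    if hmac.compare_digest(slow_hash(pad(entered), salt), stored):
        return "alarm"
    return "denied"

if __name__ == "__main__":
    rec = enroll("correct horse battery", "sunshine1")  # constructed sample values
    for attempt in ("correct horse battery", "sunshine1", "letmein"):
        print(attempt, "->", verify(rec, attempt))
```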