ICYMI: Snapchat hack; TLS Drowned; Medical ransomware; Norway/China; SSL VPN insecure

The latest In Case You Missed It (ICYMI) looks at: Snapchat whaled; DROWN hits TLS; hospitals ransomed; Chinese espionage in Norway; 90% of SSL VPNs insecure.


Snapchat got whaled, employee payroll released

The social media company Snapchat has fallen victim to a whaling attack which resulted in private payroll information being released. On Friday 26th, a Snapchat employee was targeted by a scammer impersonating the Snapchat CEO, Evan Spiegel, who asked the unfortunate employee for payroll information, which was duly handed over.

In a blog post admitting the attack, Snapchat said that no user information was accessed and no internal systems were breached.

Drown attack could break TLS for third of websites

A recent research paper demonstrates that if an HTTPS server supports SSLv2, a hacker can exploit this to decrypt intercepted connections from clients, even if those connections are using the most secure, up-to-date version of the TLS protocol. The vulnerability, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), is found in many web servers that still support the old, insecure SSL (Secure Sockets Layer) version 2 protocol (which was succeeded by SSLv3 as far back as 1996). An OpenSSL update has been rushed out to fix this major flaw.

Ransomware holds data hostage in two German hospitals

A ransomware campaign hit two German hospitals, leaving them unable to access their systems. The virus had started to encrypt files, but the plug was pulled on “everything” and files are being replaced from backup. It is thought the clean-up operation to remove all traces of the malware could take weeks.

German broadcaster Deutsche Welle says the attack took place two weeks ago at the Lukas Hospital in Neuss, and at the Klinikum Arnsberg hospital in North Rhine-Westphalia. It is not known if the two attacks are related.

Norway officially accuses China of stealing military secrets

Threat actors in China have stolen confidential information from Norwegian companies, which is now being used in Chinese military technology, says General Lt Morten Haga Lunde, head of the Norwegian intelligence agency E-tjenesten. He has accused China of involvement in cyber-espionage activities in the country but has not revealed which companies were hit nor what technology was stolen. This is believed to be the first time this Nato government has unequivocally accused China, though it could be non-government Chinese hackers working with government sanction.

90% of SSL VPNs have outdated or insecure encryption

Nine out of 10 SSL VPN servers use insecure or outdated encryption, which puts corporate data at risk, according to a High-Tech Bridge study of 10,436 randomly selected SSL VPN servers from large vendors. The company claims that 77 percent of all SSL VPNs use SSLv3 or SSLv2 to encrypt traffic, yet both of these versions are considered insecure.

About 41 percent of the servers use an insecure 1024-bit key length for their RSA certificates; untrusted SSL certificates are used by 76 percent of all SSL VPN servers; almost three quarters (74 percent) of certificates have insecure SHA-1 signatures and five percent use MD5 hashes.
