News broke yesterday that Hong Kong-based Bitcoin exchange Bitfinex fell victim to a DDoS attack. The attack follows an SEC warning on cryptocurrencies that told investors to ask exchange providers about ‘substantial risks of theft or loss, including from hacking’.
News broke this morning that parents with children at fee-paying schools are the latest prospective victims of cybercrime and fraud, with criminals exploiting vulnerable school networks to extract data, which could be used to send fake fee invoices to parents.
According to recent news reports, a 19-year-old vulnerability that enabled attackers to decrypt encrypted data and sign communications using sites’ secret encryption keys has returned. The vulnerability was disclosed back in 1998 in the TLS predecessor known as Secure Sockets Layer (SSL). A recent study found that 27 of the 100 most-visited websites, including Facebook and PayPal, are vulnerable to what is essentially the same attack. About 2.8 percent of the top 1 million sites also tested positive. According to the researchers, it was hiding in plain sight.
Christopher Steffen, CISSP, CISA, Technical Director
“We are a world at war – and most people don’t even know it. It is not a traditional war with bombers, battleships and bazookas. Rather, it is being fought every day by cyber soldiers, protecting governments and organizations from state-sponsored hackers and organized crime. Unfortunately, most private enterprises and organizations do not have the resources to effectively combat coordinated cyberattacks – it isn’t their core business and information security resources are expensive and hard to come by. But the picture isn’t as bleak as it sounds.
A team of researchers, which includes Tripwire VERT’s Craig Young, has revealed that TLS stacks from at least 8 different vendors, including F5, Citrix, and Cisco, are vulnerable to a well-known 19-year-old protocol flaw, an oracle threat known as ROBOT. The research found that some of the most popular webpages on the Internet were affected, including Facebook and PayPal.