New information about the Heartbleed vulnerability's long-term impact, a Verizon (VZ) service that is designed to protect enterprises against data breaches and details about how some hackers are using Dropbox to spread malware and viruses are three of the IT security stories that managed service providers (MSPs) should watch this week.
This week's IT security stories to watch include several vulnerabilities that could have long-lasting effects.
Here are four IT security stories for MSPs to watch this week:
1. Heartbleed is still affecting more than 300,000 OpenSSL servers
It has been two months since Google (GOOG) and Finnish security firm Codenomicon first discovered the Heartbleed flaw, yet Errata Security reports the vulnerability is still affecting more than 300,000 OpenSSL servers worldwide.
Errata Security researcher Robert David Graham said he believes it could take several years to fully patch this security vulnerability.
"Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable [to Heartbleed]," Graham wrote in a blog post.
2. Verizon launches Smart Credential service
Verizon has unveiled a new service that is designed to help enterprises prevent data breaches.
The company's new Smart Credential service offers users "a single trusted identity that connects [their] online and physical environments."
Verizon also noted the service provides users with:
- Authentication to online systems that require high levels of assurance
- Digital signature and encryption solutions
- Secure access to buildings and facilities
"Businesses today often need to rethink their security strategy when their operations expand resulting in new locations, more users and additional systems and networks," Johan Sys, managing principal for Verizon Enterprise Solutions' identity and access management division, said in a prepared statement. "With Smart Credential, clients can boost security while streamlining the process, control costs and, importantly, improve the user experience through the use of a single credential."
3. Are hackers using Dropbox to spread malware and viruses?
Anti-phishing website PhishMe recently reported Dropbox is being used to host malware and viruses.
PhishMe provides full details about hackers' use of Dropbox here.
The company noted cybercriminals are using emails featuring Dropbox links that frequently focus on financial subjects, such as invoices or tax returns.
Each email typically features a link to download a .zip file that includes malware hosted on Dropbox.
The company said it will "work with the council to lay the foundation that is urgently needed to create security for all users in cyberspace."
"By joining the council as a founding member, we help bring many of the best practices we have learned from our customers to a much wider audience who can then better defend themselves against cyber attacks," Qualys CEO Philippe Courtot said in a prepared statement.