Who would have thought a poodle could cause so much damage in such a short amount of time? That's exactly what the world learned last week as details were released about the Padding Oracle On Downgraded Legacy Encryption, aka "POODLE," vulnerability that hackers can use to exploit the design of SSL 3.0 to decrypt sensitive information.
What do managed service providers (MSPs) and their customers need to know about the POODLE vulnerability? Find out in this week's IT security stories to watch:
1. Google researchers discover the POODLE SSL 3.0 vulnerability
Google (GOOG) researchers last week released details about the POODLE SSL 3.0 vulnerability.
POODLE is "a flaw in how browsers handle encryption," TechRepublic noted, and it could harm all applications and systems that leverage SSL 3.0.
"The POODLE attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios," the United States Computer Emergency Readiness Team (US-CERT) said in a POODLE advisory.
2. TD Bank settles with nine states over Oct. 2012 data breach
TD Bank last week announced it has entered into an $850,000 multi-state settlement agreement that "resolves [the] 2012 data breach and is designed to help ensure that future consumer privacy breaches do not occur."
Nine states will receive a portion of the TD Bank settlement:
- New Jersey
- New York
- North Carolina
"All consumers -- and especially banking consumers -- have a reasonable expectation of privacy and protection when it comes to their information," John J. Hoffman, New Jersey's acting attorney general, said in a prepared statement.
3. Was Dropbox hacked?
"Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox," Dropbox spokesperson Anton Mityagin wrote in a blog post. "Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens."
Mityagin added that Dropbox recommends two-step verification to help prevent cyber attacks.
4. McAfee updates Next Generation Firewall
The new release is designed to provide Next Generation Firewall customers "with layered protection against the latest threats and evasions, along with improved workflows and operational efficiencies," according to McAfee.
"This release represents another significant milestone in bringing that strategy to fruition and further empowers our customers with the tools they need to outmaneuver attackers with even greater ease and precision," Pat Calhoun, McAfee's general manager of network security, said in a prepared statement.