
Bank Threats, Leaked Secret Keys and HTTPS Phishing [Encryption Digest 6]


Encryption, Sectigo, EV certificate, extended validation certificate
July 4, 2019 | Katrina Dobieski

 

The encryption stories we’re looking at this week include AMD patches for Linux, compromised credentials of deceased consumers, and how many European banks actually use the appropriate level of cyber security. We’ll also look at a vulnerability leaving thousands of Dell devices open to remote take-over and how pro-phishers are keeping up with the times. Stay informed as we investigate the latest threats in encryption news and what the industry is doing about them.



 

 

25% of European banks could leave customers vulnerable to phishing

 

One in four European banks don’t use the highest level of digital security to protect what could be up to 5.6 trillion euros in assets.

According to some, digital security is still not high on the list for a lot of European CISOs, despite last year’s implementation of GDPR.

“[A]ccording to Sectigo, an issuer of online security certificates, many banking websites do not have Extended Validation certificates to prove that they are legitimate and secure.” Read the full article.


 

AMD Patches EPYC CPU Secure Encrypted Virtualization Exploit That Could Leak Secret Keys

AMD, a key competitor to Intel, recently pushed a patch for an encryption vulnerability affecting how its EPYC server processors handle Secure Encrypted Virtualization (SEV). The vulnerability would allow attackers to recover a secure key and then use it to access an isolated virtual machine on a targeted system.

In an official statement, the company announced, “AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior.” Read the full article.

 

 


 

Thousands of ID cards not properly deactivated due to software glitch

Certificates expired, but not deactivated. Those words spelled the difference between accessible private data and safely encrypted information. 

In Estonia, roughly 15,000 expired ID cards with still-valid digital certificates left the digital trails of consumers open to snooping. Anyone with the right information could get into the connected accounts of those individuals’ e-services.

“Of all the cards that remained valid, the certificates of 353 were used after their expiration dates, 258 of which belonged to people that were no longer alive.” Read the full article.

 

 


 

Millions of Dell PCs Vulnerable to Flaw in Third-Party Component

A high-severity vulnerability has been discovered on Dell PCs, hidden inside the SupportAssist software. Left unchecked, it could lead to remote device takeover and DLL hijacking attacks.

“All that the bad actor would need to do is persuade the victim to download a malicious file (using social engineering or other tactics) to a certain folder...[then] basically he can do whatever he wants, including ... read and write physical memory.”

See how Dell is responding to the incident. Read the full article.

 

 


 

Phishing Websites Increase Adoption of HTTPS

Times are changing, and even cybercriminals don’t want to have their stolen data pilfered. Besides, an HTTP-only phishing site doesn’t get the same respect anymore.

In Q1 of this year, over half of all detected phishing sites used legitimate digital certificates to encrypt the connections used to siphon consumer data. And, more bad actors than ever are migrating their crime enterprises to HTTPS. At least some of us are following internet safety rules. Read the full article.

 

 

 

 

 
