Skip to main content
banner image
venafi logo

Encryption Digest 6 | Bank Threats, Leaked Secret Keys and HTTPS Phishing

Encryption Digest 6 | Bank Threats, Leaked Secret Keys and HTTPS Phishing

Encryption, Sectigo, EV certificate, extended validation certificate
July 4, 2019 | Katrina Dobieski

The encryption stories we’re looking at this week include AMD patches for Linux, compromised credentials of deceased consumers, and how many European banks actually use the appropriate level of cyber security. We’ll also look at a vulnerability leaving thousands of Dell devices open to remote take-over and how pro-phishers are keeping up with the times. Stay informed as we investigate the latest threats in encryption news and what the industry is doing about them.

 

25% of European banks could leave customers vulnerable to phishing

 

One in four European banks don’t use the highest level of digital security to protect what could be up to 5.6 trillion euros in assets.

According to some, digital security is still not high on the list for a lot of European CISOs, despite last year’s implementation of GDPR.

"[A]ccording to Sectigo, an issuer of online security certificates, many banking websites do not have Extended Validation certificates to prove that they are legitimate and secure.” Read the full article.

Read related posts:

 

AMD Patches EPYC CPU Secure Encrypted Virtualization Exploit That Could Leak Secret Keys

AMD, key competitor to Intel, recently pushed a patch for an encryption vulnerability affecting how their EPYC server processors  handle Secure Encrypted Virtualization (SEV). The vulnerability would allow attackers to recover a secure key and then use it to access an isolated virtual machine on a targeted system.

In an official statement, the company announced, “AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior.” Read the full article.

 

 

Read related posts:

 

How strong is your company’s digital security posture? Find out.

 

Thousands of ID cards not properly deactivated due to software glitch

Certificates expired, but not deactivated. Those words spelled the difference between accessible private data and safely encrypted information. 

In Estonia, roughly 15,000 expired ID cards with still-valid digital certificates left the digital trails of consumers open to snooping. Anyone with the right information could get into the connected accounts of those individuals’ e-services.

"Of all the cards that remained valid, the certificates of 353 were used after their expiration dates, 258 of which belonged to people that were no longer alive”. Read the full article. 

 

 

Read related posts:

 

Millions of Dell PCs Vulnerable to Flaw in Third-Party Component

A high severity vulnerability has been discovered on Dell PCs, hidden inside Support Assist Software. Left unchecked, this opportunity could lead to remote device take over and DLL hijacking attacks.

“All that the bad actor would need to do is persuade the victim to download a malicious file (using social engineering or other tactics) to a certain folder...[then] basically he can do whatever he wants, including ... read and write physical memory.”

See how Dell is responding to the incident. Read the full article.

 

 

Read related posts:

 

Phishing Websites Increase Adoption of HTTPS

Times are changing, and even cybercriminals don’t want to have their stolen data pilfered. That and an HTTP-only phishing site doesn’t get the same respect anymore.

In Q1 of this year, over half of all detected phishing sites used legitimate digital certificates to encrypt the connections used to siphon consumer data. And, more bad actors than ever are migrating their crime enterprises to HTTPS. At least some of us are following internet safety rules. Read the full article.

 

 

How prevalent are TLS certificates on the Dark Web? Find out.

 

Read related posts:

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Encryption, encryption backdoor, HIPAA

Encryption Stories That Caught Our Eye | June 14

Digital transformation, GDPR, encryption, encrypted, quantum computing, data breach, data protection

Encryption Stories that Caught Our Eye This Week | May 31

encryption key management

Encryption Stories that Caught Our Eye This Week | May 3

About the author

Katrina Dobieski
Katrina Dobieski

Katrina Dobieski writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat