June 3, Help Net Security – (International) Weak SSH keys opened many GitHub repositories to compromise. A security researcher discovered that large numbers of GitHub repositories are vulnerable to compromise and the delivery of malicious code due to a flaw that generated weak cryptographic secure shell (SSH) keys until 2008. Source
June 3, Help Net Security – (International) IoT devices entering enterprises, opening company networks to attacks. A recently released OpenDNS report on Internet of Things (IoT) devices and infrastructure in business found that IoT devices have become prevalent in highly regulated industries, such as healthcare, energy infrastructure, government, financial services, and retail, and that the infrastructure supporting the devices are vulnerable to well-known security flaws, as well as other threats inherent to the nature of IoT technology. Source
June 3, Softpedia – (International) Russian crypto-malware encrypts files completely. Security researchers at Check Point discovered that a new piece of ransomware called Troldesh, also known as Encoder.858 and Shade, applies full encryption to files it processes and offers a way to contact the ransomware operators in an effort to maximize profits and guarantee payment. Source