ClickSSL Monthly InfoSec Snipper April 24, 2017

This entry is part 69 of 73 in the series Weekly Infosec Snipper

Half Of British Firms Faced A Single Security Breach In The Last Year

A study from the British government shows that around half of local businesses faced a single security breach last year. These breaches involved fraudulent emails sent to staff or were related to viruses, malware and spyware. The survey covered 1500 UK companies, and the government said that many companies still lack basic protection against security threats. Many employees have not been given instruction on how to avoid getting their systems infected.

Intercontinental Hotels Group Faced More Severe Damage Than First Thought

The data breach at Intercontinental Hotels Group affected many visitors. The breach happened in late December 2016, and it was declared that only 12 properties had been affected. The cyber security team then realized that the damage was severe and deep. Attackers had installed malware on payment card processing servers. Thus, attackers obtained data such as card numbers and internal verification codes, which allowed them to clone cards and make fraudulent payments.

The Internet Society Will Demand Full Encryption In Next G20 Countries Meeting

The Internet Society appealed to the G20 countries for full encryption if they want a safer environment. They argued that encryption is needed to make the Internet strong and safe. The next meeting, in the upcoming July, will have full encryption on its agenda. Germany also wants common technical standards and digital learning, along with affordable internet access by 2025. The Internet Society believes that encryption is the future of digital life and that it should be the rule for all web transactions.

Wonga Suffered Data Breach

Payday loan firm Wonga faced a data breach that affected 245K British customers and 25K Polish customers. The stolen records included names, addresses, phone numbers, bank accounts and sort codes. Wonga has set up customer support over a phone line to contact its customers. It is supposed to be the biggest data breach in the UK. The situation is critical, as hackers got the last four digits of customers' bank cards. This information is used by financial institutions for login purposes.

Ask.com Has Loophole In Server, Leaks Out People’s Searches

Ask.com runs an Apache server that was found to be leaking people's searches and queries to the public. This came to light when Paul Shapiro, a researcher, found that Ask.com does not hide its server from the public. It is not clear how long this page was open to the public. The page was accidentally exposed during a restart of the server. The data amounted to around 237.9 GB, and Ask.com is expected to fix this issue soon. All the listed IPs were internal and related to Ask.com's firewall.

Blocked Attacks Increased In March 2017, Symantec Intelligence Report Says

Symantec has released its latest intelligence report for March 2017. The number of blocked attacks increased in March too, continuing a trend that started in July 2016. Symantec blocked 584,000 attacks per day in March, a record-breaking number. In addition, around two million malicious emails were blocked. Exploit kits such as RIG, SunDown and Magnitude remained on top. The figure for new malware decreased to 77.5 million in March, against 94.1 million in the previous month.

Number Of Attacks Is Rising On Mac PC, Says McAfee Report

According to the McAfee Threat report, the number of attacks on Macs is rising compared to Windows PCs, as macOS malware rose 744% in 2016. Around 460K instances were detected, compared to 600 million instances including 15 million mobile malware instances. Most malware found on macOS was adware, which annoys users rather than doing much damage. There are Word macro instances and the Fruitfly malware, which attacks computers in biomedical institutions. The report also focused on malware infection of IoT devices, which can be used as part of botnets for different purposes.

Android Banking Trojan Affected 420 Banking Apps Globally

A security researcher at B.V. firm found a new type of Android banking Trojan that could infect an installed funny videos app on Google Play Store. The researcher found a Funny video app with around 5000 installations, which acts like any other video app but in the background targets bank customers globally. The app uses the DexProtector tool, which changes the app's code. The Trojan targets customers of more than 420 banks, including Citibank, ING, and some new Dutch banks, like ABN, Rabobank, ASN, and others. The app can intercept SMS and steal banking details.

Microsoft Releases Windows 10 Creators Update To Reveal Data Collection

Microsoft had been silent about collecting telemetry data, but it is now transparent about diagnostic data. Initially there were Basic, Enhanced, and Full options for users in Microsoft Windows 10 under diagnostic data collection. The company did not reveal what kind of data it was collecting, which raised privacy concerns. From now on, with the release of the Windows 10 Creators Update, users can download it and change the options in the privacy settings section. There will be options like location, speech recognition, Relevant ads, Basic, Full, Tailored experiences with diagnostic data, etc.

Android Remains No. 1 As World’s Most Popular OS

According to the StatCounter report, Android remains in the number one position among operating systems across desktop, laptop and mobile devices. Android represents 37.93% of global OS usage, while Windows stood at 37.91%. The report also noted that in North America Windows still holds 39.5% of the Internet market, while Android is at 21.16%. The ratio in Europe is 51.7% (Windows) against 23.5% (Android). Android led in Asian markets: India with 61.78%, Indonesia with 60.7% and China with 42.12% usage.

Magento Platform Vulnerability Could Expose Hundreds of e-Shops

The Magento platform had a severe unpatched vulnerability that could allow attackers to run malicious PHP scripts on web servers. DefenseCode, a security firm, reported that the vulnerability resides in a feature that retrieves the preview image of a Vimeo video when videos are added to product listings. An attacker could remotely run code by tricking Magento into downloading an .htaccess file that enables PHP inside the download directory, and then downloading a malicious PHP script to run as a backdoor.

Scottrade Bank Admitted Data Breach, Exposed 20,000 Records

Scottrade Bank suffered a data breach that exposed 20K customers’ records, and a 60GB MSSQL database remained open over the web. The incident took place when Genpact uploaded data to an Amazon hosting server. The company did not secure the data and left it online. Chris Vickery, a security researcher, found this and downloaded a 158.9 GB archive data file. The archive included account passwords in plain text and contained names, addresses, and social security numbers.
