Here we are ready to present our 100th Weekly InfoSec Snipper (WIS) today. The response we received from our readers is amazing and unforgettable. We thank everyone for being with us for such a long span of time. The same effort, we have tried to include in today’s InfoSec Snipper that hovers around the most interesting cyber events took place last week. Some of them have shocked the security individuals whereas a few have amazed the cyber world with their interesting fact. So let us start our journey of 100th ClickSSL Weekly InfoSec Snipper.
FBI alerted Businesses about rising Spoofed Emails
The US Federal Bureau of Investigation (FBI) has announced publicly to companies about rising level of whaling or CEO fraud / Business Email Compromise (BEC). Companies have lost around $1.1 billion in the last eight months (August 2015 and February 2016). In addition, from October 2013 to February 2016, companies across 79 countries have reported losses of $2.3 billion. BEC attacks are easy to carry and do not require any technical knowledge to send spoofed emails.
An Automated Attack broke Google CAPTCHA system
A team of security researchers (Suphannee Sivakorn, Jason Polakis, and Angelos D. Keromytis) broke the CAPTCHA system implemented by Google and Facebook. Researchers brought out a report named “I AM Robot” which is available on the Website of Columbia University’s Department of Computer Science. Researchers also presented the copy at Black Hat Asia 2016. Researchers have tried a large number of factors to bypass CAPTCHA security. They guess the right CAPTCHA image with a high degree of accuracy. On Google’s CAPTCHA, researchers got a 70.78% success rate while on Facebook, they got an 83.5% rate.
18% of Companies have faced Malware Penetration via Social Media
Many businesses trust social media to boost their business. Osterman Research revealed that 73% of companies have Facebook account while 64% use LinkedIn and 56% have a Twitter account. Besides, companies have used other platforms like Microsoft SharePoint, Cisco social platforms, Yammer and IBM Connections. The research claimed that 18% of companies have faced malware penetration via social media platforms. These platforms and tools are used to spread malware among employees and company infrastructure.
WhatsApp Implemented End-to-End Encryption
WhatsApp has implemented end-to-end encryption for its 1 billion users. From now, every message, call, the image will be remaining secret and the third person will not be able to read it. It means that WhatsApp would neglect US court orders that had asked for communication access. Users will see a padlock below the profile of the recipient means the communication is secure with strong encryption. The latest version of WhatsApp allows users to see the keys of the corresponding user and saves you from man-in-middle attack.
Turkish Citizens witnessed a Massive Data Breach
According to The Associated Press report, one of the massive public data breach happened to Turkish public and the records around 50 million including country’s President Recep Tayyip Erdogan have been compromised. The data is available on the Icelandic group website. The data breach has put 2/3 of the nation’s population at risk of identity theft and fraud. The data included first and last name, gender, city of birth, date of birth, full address, mother and father name, nation identifier number. It is believed that the attack appeared to be politically motivated.
43 GB of Syrian Government Data is leaked
Cyber Justice Team has hacked the Syrian government and leaked 10 GB of compressed data, which later on decompressed and returned with 43GB of data. PasteBin has also given support to the announcement of the breach along with a password file captured from the breached Linux server of the Syrian National Agency for Network Services. RBS (Risk Based Security) has analyzed the data dump which revealed around 38,768 folders with 274,477 files belonged to 55 websites of national agencies and private companies. The hacking team has also posted about the breach on Twitter profile.
2FA can be bypassed, Researchers says
Two researchers at Amsterdam University have found a way to breach two-factor authentication. Two-factor authentication (2FA) has a weak design flaw that puts users at risk. Both researchers alerted Google and other online services about the flaw but they did not get any response. The flaw relates to concept “anywhere computing” that synchronizes apps and content across devices. If an attacker gains access to a victim’s PC, the design flaw in 2FA allows attackers to use iTunes and Google Play Store to inject malicious apps into the user’s device without requiring a 2FA system.