Disney’s Playdom forums suffered Data breach
Disney’s Playdom forum has been hacked and shut down due to a data breach. Disney revealed about the attack on July 12, which was actually happened on July 9. The attacker accessed section of servers to steal user data. The Playdom forums were designed for games like Star wars and Marvel and Disney Hidden Worlds. Playdom forums works on vBulletin forum software, which was not updated. The accessed data included usernames, passwords, and email addresses.
Google has implemented HSTS in its services
Google has announced that they have successfully implemented HSTS (HTTP Strict Transport Security) support for all running Google products. HSTS is a security protocol that is supported by most of browsers and servers. HSTS support helps webmasters against HTTP downgrade, man-in-middle attack, cookie hijacking. It compels users to redirect to HTTPS instead of going back to HTTP connection.
Russian State Agencies faced above 10M cyber-attacks in 2016
Russian Security Council said that Russian state agencies have been on the radar of attackers hence, recorded ten million cyber-attacks on Web-exposed infrastructure. However, most of attacks were mitigated but the authorities found spyware on their state computers. Russian officials have also shown concern about the lack of trained professional. It is believed that attackers managed to steal 200 million rubles ($3.03M) from such attacks.
Harrison City Council website has been hacked eight times
The website of Harrison city council (townofharrision.com) has been hacked eight times between July 7 and July 26. The authority has not identified the attacker and the website is still down. The authority also did not store any sensitive data on the website. Scan Worx – a company that manages the site has taken down the site to step up its security. The website was just a WordPress blog and the hack was believed to be a part of hacking campaign against WordPress and Joomla sites.
WhatsApp Deleted Messages can be retrieved
Jonathan Zdziarski – the iOS developer found that WhatsApp is not completely deleting conversations that allow law enforcement or attackers to recover the deleted conversations. The SQLite feature put deleted WhatsApp conversation into free list of database entries. When a user does back up his device to an iCloud account, the database is displayed in clear text, as there is no encryption. Therefore, law enforcement can compel Apple to surrender WhatsApp database that is presented in database. On other hand, if the user backs up data on his computer, then the deleted messages can be retrieved with reverse engineering techniques
Chrome and Firefox Browsers do not encrypt Search Suggestions
Nightwatch cyber security has revealed a new way to crash chrome and Firefox browser on mobile and desktop device. The method depends upon the search suggestion that browser supports. It is actually a flaw in design implementation as the browsers do not secure search suggestion with encrypted channel and the attacker on local network can capture search queries and can answer to the user before a search provider.
