ClickSSL Weekly InfoSec Snipper August 1, 2016

This entry is part 34 of 73 in the series Weekly Infosec Snipper

Disney’s Playdom forums suffered Data breach

Disney’s Playdom forum has been hacked and shut down following a data breach. Disney disclosed the attack on July 12; it actually took place on July 9. The attacker accessed a section of the servers to steal user data. The Playdom forums were designed for games like Star Wars and Marvel and Disney Hidden Worlds. The forums ran on vBulletin forum software, which had not been updated. The accessed data included usernames, passwords, and email addresses.

Google has implemented HSTS in its services

Google has announced that it has successfully implemented HSTS (HTTP Strict Transport Security) support for all running Google products. HSTS is a security protocol that is supported by most browsers and servers. HSTS helps webmasters defend against HTTP downgrade, man-in-the-middle attacks, and cookie hijacking. It compels the user's browser to use HTTPS instead of falling back to an HTTP connection.

Russian State Agencies faced more than 10M cyber-attacks in 2016

The Russian Security Council said that Russian state agencies have been on attackers' radar and have recorded ten million cyber-attacks on Web-exposed infrastructure. Most of the attacks were mitigated, but the authorities found spyware on state computers. Russian officials have also voiced concern about the lack of trained professionals. It is believed that attackers managed to steal 200 million rubles ($3.03M) through such attacks.

Harrison City Council website has been hacked eight times

The website of Harrison city council (townofharrision.com) was hacked eight times between July 7 and July 26. The authority has not identified the attacker, and the website is still down. The authority did not store any sensitive data on the website. Scan Worx, the company that manages the site, has taken it down to step up its security. The website was just a WordPress blog, and the hack is believed to be part of a hacking campaign against WordPress and Joomla sites.

WhatsApp Deleted Messages can be retrieved

Jonathan Zdziarski, the iOS developer, found that WhatsApp does not completely delete conversations, which allows law enforcement or attackers to recover them. A SQLite feature places deleted WhatsApp conversations on a free list of database entries. When a user backs up the device to an iCloud account, the database is stored in clear text, as there is no encryption. Therefore, law enforcement can compel Apple to surrender the WhatsApp database held in that backup. On the other hand, if the user backs up data to a computer, the deleted messages can be retrieved with reverse engineering techniques.
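
How a deleted row lingers in a SQLite file, and two settings that remove it, shown as an added example (not code from WhatsApp or from Zdziarski's research). The `messages` table and the marker text are constructed for illustration and are not WhatsApp's real schema.

```python
import os
import sqlite3
import tempfile

# Constructed sample text standing in for a deleted chat message.
MARKER = "constructed-deleted-message-4711"


def deleted_text_recoverable(mode):
    """Delete one row, then search the raw database file for its text.

    mode "off":    PRAGMA secure_delete = OFF, freed bytes are left in place
    mode "on":     PRAGMA secure_delete = ON, freed bytes are zeroed
    mode "vacuum": secure_delete OFF, then VACUUM rebuilds the file
    """
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path, isolation_level=None)  # autocommit
        setting = "ON" if mode == "on" else "OFF"
        con.execute("PRAGMA secure_delete = " + setting)
        # Hypothetical schema, not WhatsApp's real one.
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER,), ("see you later",)],
        )
        con.execute("DELETE FROM messages WHERE body = ?", (MARKER,))
        # From the application's point of view the message is gone.
        remaining = con.execute("SELECT COUNT(*) FROM messages").fetchone()[0]
        if remaining != 2:
            raise RuntimeError("unexpected row count")
        if mode == "vacuum":
            con.execute("VACUUM")
        con.close()
        # What someone holding a copy of the file (e.g. a backup) can read.
        with open(path, "rb") as fh:
            return MARKER.encode() in fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    for mode in ("off", "on", "vacuum"):
        print(mode, "-> deleted text still in file:", deleted_text_recoverable(mode))
```

`secure_delete` only affects deletions made after it is enabled, while `VACUUM` cleans up space freed earlier; neither reaches copies of the file that were already backed up.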

Chrome and Firefox Browsers do not encrypt Search Suggestions

Nightwatch Cybersecurity has revealed a new way to crash Chrome and Firefox browsers on mobile and desktop devices. The method depends on the search suggestions that the browsers support. It is actually a design flaw: the browsers do not protect search suggestions with an encrypted channel, so an attacker on the local network can capture search queries and answer the user before the search provider does.
