ClickSSL Weekly InfoSec Snipper August 15, 2016

This entry is part 36 of 73 in the series Weekly Infosec Snipper

WADA and TAS servers hacked by unknown Hacker

The servers of WADA (World Anti-Doping Agency) and the Court of Arbitration for Sport (CAS) have been hacked by an anonymous hacker. The hacker group dumped data online together with a video showing the TAS hack. The breached TAS data contained a basic site database dump, and no sensitive information was stolen. The hackers have not released any WADA data, but the agency's spokesperson at the Rio Olympics disclosed the breach. The spokesperson also said that no sensitive information related to athletes’ drug results was breached.

Fake Twitter Customer Support page stole users’ Credentials

Crooks are pretending to be customer support on Twitter and redirecting customers to phishing sites to collect their sensitive information. They created a fake Twitter account, “@NatWest_HelpTC”, impersonating NatWest (National Westminster Bank), for phishing activities. The phishers interacted with customers when the customer support staff was off duty. In reply to customers’ queries, the phishers told them that a particular feature would be available once they signed in and verified their account. The phishers then provided a link that redirected customers to a fake site to steal their credentials.

Microsoft forever Disabled RC4 Ciphers

Microsoft has officially dropped RC4 ciphers in the IE 11 and Edge browsers. The company made its announcement about RC4 in September 2015. RC4 was already considered insecure when the IETF (Internet Engineering Task Force) banned it in February 2015. RC4 was previously used in WEP, WPA, SSH and TLS/SSL. Microsoft released update KB3151631 on August 9, 2016, and with this update the company has disabled RC4 by default.


Dota2 Gaming forum hacked

The official developer forum of Dota2 (Defense of the Ancients 2) has been hacked, and the personal information of around 2 million users is at stake. The stolen data included email addresses, IP addresses, usernames, user identifiers and hashed passwords. The stolen data was sent to LeakedSource on 9 August 2016. The forum was using salted MD5 hashing for password storage. Hackers have decoded around 80% of the passwords into plain text. After resetting passwords, the Dota2 developers publicized the data breach.
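Salted MD5 is cheap to compute, so a leaked table of such hashes can be guessed at very high rates. The sketch below is an added example, not code from the forum or from this article. It shows one common remediation: verify a legacy record at login, then replace it with a memory-hard scrypt record. The legacy layout `md5(salt + password)`, the `$`-separated record format and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed legacy scheme (the article only says "MD5 hashing and salt").
def legacy_md5(password: str, salt: bytes) -> str:
    return hashlib.md5(salt + password.encode()).hexdigest()

# Illustrative scrypt cost: 128 * N * R bytes, about 16 MiB per guess.
N, R, P = 2**14, 8, 1

def scrypt_record(password: str) -> str:
    """Build a new record with a fresh random salt and the cost parameters."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str):
    """Return (ok, upgraded_record).

    upgraded_record is set only when a legacy MD5 record verified; the
    caller should then overwrite the stored record with it.
    """
    scheme, *fields = record.split("$")
    try:
        if scheme == "md5":
            salt_hex, digest = fields
            candidate = legacy_md5(password, bytes.fromhex(salt_hex))
            ok = hmac.compare_digest(candidate, digest)
            return ok, (scrypt_record(password) if ok else None)
        if scheme == "scrypt":
            n, r, p, salt_hex, digest = fields
            dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=32)
            return hmac.compare_digest(dk.hex(), digest), None
    except ValueError:
        pass  # malformed record: wrong field count or bad hex
    return False, None

if __name__ == "__main__":
    # Constructed sample record; not data from the breach.
    salt = bytes.fromhex("00112233")
    old = "md5$00112233$" + legacy_md5("hunter2", salt)
    ok, new = verify("hunter2", old)
    print(ok, new.split("$")[0])
```

Accounts that never log in again keep their MD5 record under this approach, so a forced reset (as the Dota2 developers did) is still needed for those.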

Google added a warning against unauthenticated Email

Google announced that Gmail will show a warning when it receives mail from an unauthenticated sender. The warning appears as a question mark on the sender’s profile photo or logo when the mail fails to authenticate itself with Sender Policy Framework (SPF). Additionally, if a user clicks on a phishing link, he or she will see the warning “Visiting this website may harm your computer”. The new changes are part of Google’s Safe Browsing protection.
