ClickSSL Weekly InfoSec Snipper August 29, 2016

This entry is part 38 of 73 in the series Weekly Infosec Snipper

Firefox is going to introduce its version-50, which will bring protection against MIME confusion attack. The browser receives a file from the server; it checks the response of server for content-type header. The content type header indicates the type of file that a server is sending to the browser. Because of server misconfiguration, it may happen that the response is not getting in correct sense. In that case, the browser uses MIME sniffing to detect the file type and sometime, it creates MIME confusion attacks in which attackers modify the file extension and changes the few bites of JavaScript file and create MIME confusion attack.

Observatory- Mozilla scanning utility is released

Mozilla security engineer has released Observatory – free website security scanning utility. The service will be helpful to system administrators, security professionals that wish to use modern security protocols for site configuration. The scanning service grades basic security features and convert the score into alphabetical A to F score. There were around 91% websites failed to pass observatory’s scanning test.

Sony PlayStation has enabled 2FA (two-factor authentication)

Sony has announced for two-factor authentication for its PlayStation but it is voluntary for users. Due to hijacking of gaming accounts, Sony has taken this wise steps in which users receive code via SMS whenever they wish to login into PlayStation. Sony has also encountered with data breach that made its servers inaccessible nearly for 23 days.

Cheap SSL

Mail.ru Community suffered from Data breach

Mail.ru community has suffered from data breach of around 25 million user records. All three communities were using older vBulletin forum software that allowed attackers the access of data. The breached data included usernames, passwords, and other user details. No stored data was kept using modern security standards. LeakedSource – a data breach index service has started procedure to decrypt password. LeakedSource offers an API to businesses based on data breaches it indexes.

Ransomware has affected six out of ten UK Universities

SentinelOne – a mobile security firm has revealed that six out of ten UK universities have suffered from ransomware attack. The firm sent request for information to 71 institutions in Britain but only 58 institutions have accepted the offer while others refused to respond, as they believe that their commercial interests will be damaged. Universities did not publicly say that they paid any ransom amount but they handled problem internally.

Opera Sync Service is hacked reset passwords

Hackers have gained access to cloud servers of Opera, which compelled Opera to reset all users’ passwords. Users who accessed sync feature of the browser have faced the issue. Opera’s Cloud Sync service allows users to synchronize browser data and settings across multiple platforms. Around 1.7 million users use sync service of Opera last month but the authority has already reset passwords itself so users do not have to worry about it.

Series Navigation<< ClickSSL Weekly InfoSec Snipper August 22, 2016ClickSSL Weekly InfoSec Snipper September 05, 2016 >>
 

We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.