Firefox is going to introduce version 50, which will bring protection against MIME confusion attacks. When the browser receives a file from the server, it checks the server's response for the Content-Type header, which indicates the type of file the server is sending. Because of server misconfiguration, the response may not carry the correct type. In that case, the browser uses MIME sniffing to detect the file type, and this sometimes enables MIME confusion attacks, in which attackers modify the file extension and change a few bytes of a JavaScript file.
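One way to audit a site's own responses for the exposure described above, as an added example that is not from the original article: it compares the declared Content-Type with how the resource is used and checks for the `X-Content-Type-Options: nosniff` header, which the article does not mention but is the standard way for a server to tell browsers not to sniff. The URLs, sample headers and function names are constructed for illustration.

```python
# Added example: flag responses whose declared type does not match their use.
JS_TYPES = {
    "application/javascript", "application/x-javascript",
    "application/ecmascript", "text/javascript", "text/ecmascript",
}
# Types a browser expects for each way of loading a resource.
EXPECTED = {"script": JS_TYPES, "style": {"text/css"}}


def essence(content_type):
    """Return 'type/subtype' in lowercase, without parameters such as charset."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def classify(context, headers):
    """Classify one response by how the page uses it ('script' or 'style')."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    declared = essence(h.get("content-type"))
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    if declared in EXPECTED[context]:
        return "ok"          # declared type matches the use
    if nosniff:
        return "blocked"     # mismatch, but the browser is told to refuse it
    return "confusable"      # mismatch or missing type, and sniffing is allowed


# Constructed sample responses: (url, context, headers)
SAMPLES = [
    ("/static/app.js", "script", {"Content-Type": "application/javascript; charset=utf-8"}),
    ("/uploads/avatar.png", "script", {"Content-Type": "image/png"}),
    ("/uploads/avatar.png", "script",
     {"Content-Type": "image/png", "X-Content-Type-Options": "nosniff"}),
    ("/legacy/lib.js", "script", {}),
    ("/static/site.css", "style", {"content-type": "text/css"}),
]


def audit(samples):
    """Return (url, verdict) for every sample response."""
    return [(url, classify(ctx, hdrs)) for url, ctx, hdrs in samples]


if __name__ == "__main__":
    for url, verdict in audit(SAMPLES):
        print(f"{verdict:10} {url}")
```

Responses reported as `confusable` are the ones to fix on the server, by sending the correct Content-Type and adding `nosniff`.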
Observatory: Mozilla scanning utility is released
A Mozilla security engineer has released Observatory, a free website security scanning utility. The service will be helpful to system administrators and security professionals who wish to use modern security protocols for site configuration. The scanning service grades basic security features and converts the score into an alphabetical grade from A to F. Around 91% of websites failed to pass Observatory's scanning test.
Sony PlayStation has enabled 2FA (two-factor authentication)
Sony has announced two-factor authentication for its PlayStation, but it is voluntary for users. Because of the hijacking of gaming accounts, Sony has taken this wise step, in which users receive a code via SMS whenever they wish to log in to PlayStation. Sony has also experienced a data breach that made its servers inaccessible for nearly 23 days.
Mail.ru community suffered a data breach
The Mail.ru community has suffered a data breach of around 25 million user records. All three communities were using older vBulletin forum software that allowed attackers access to the data. The breached data included usernames, passwords, and other user details. None of the stored data was protected using modern security standards. LeakedSource, a data breach index service, has started the process of decrypting the passwords. LeakedSource offers an API to businesses based on the data breaches it indexes.
Ransomware has affected six out of ten UK universities
SentinelOne, a mobile security firm, has revealed that six out of ten UK universities have suffered a ransomware attack. The firm sent requests for information to 71 institutions in Britain, but only 58 institutions accepted, while the others refused to respond, believing that their commercial interests would be damaged. The universities did not publicly say that they paid any ransom, but they handled the problem internally.
Opera Sync service is hacked, passwords reset
Hackers have gained access to Opera's cloud servers, which compelled Opera to reset all users' passwords. Users who used the browser's sync feature are affected. Opera's Cloud Sync service allows users to synchronize browser data and settings across multiple platforms. Around 1.7 million users used Opera's sync service last month, but the company has already reset the passwords itself, so users do not have to worry about it.