ClickSSL Weekly InfoSec Snipper December 12, 2016

This entry is part 53 of 73 in the series Weekly Infosec Snipper

Yahoo fixed an XSS flaw in its email system

Security researcher Jouko Pynnonen found an XSS flaw in Yahoo Mail that allowed hackers to access and read a user's Yahoo email. Yahoo awarded the researcher a $10,000 reward. The HTML filter was easy to bypass with a link hiding malicious JavaScript code, so users did not have to click on links sent by hackers; opening the email was enough. The flaw could also be used to create a virus that infects Yahoo Mail. Yahoo was informed about the flaw on November 12, 2016, and fixed it on November 29, 2016.

People commonly used “Love”, “Angel” and “Star” as passwords, survey said

CBT Nuggets researched the most used passwords in a set of 50K leaked emails and passwords. The most used passwords included “Love”, “Angel”, “star”, and “Girl”. Other commonly used words and names included rock, miss, hell, Mike, and John. The research also showed that men between 25 and 34 years of age were slightly more prone to hacking. The largest number of hacked email accounts were from Yahoo, followed by Hotmail and Gmail.

Dailymotion hacked; around 87 million accounts compromised

Dailymotion, a video-sharing platform, was hacked and around 87 million accounts were affected. The stolen details included emails, usernames, and hashed passwords of registered users. Some of the passwords were not encrypted. Dailymotion users are requested to change their passwords.

North Korea hacked South Korean military network

North Korean hackers compromised a South Korean military network. The attack took place on September 23, 2016, and targeted systems that were used to update the network. The ministry revealed that it had discovered evidence, code, etc. A military investigation found that some military data was accessed and that the attack was launched from Chinese servers. State secrets were also accessed in this attack.

Adobe Flash Player remained the main target for exploit kits

Recorded Future has researched and published a report on the common vulnerabilities used by attackers in exploit kits. Adobe Flash Player and Microsoft products were the ones most targeted by threat actors. In 2016, hacking campaigns launched by nation-state actors dominated the cyber world, while crooks spread malware and ransomware via exploit kits. Adobe Flash Player held 6 of the 10 most critical vulnerabilities. The CVE-2016-0189 vulnerability, which affected the IE browser, was cited on most security blogs, deep web forum postings and dark web sites.

German-based steel company ThyssenKrupp hit with cyber attack

ThyssenKrupp, a German-based steel company, suffered a cyber attack in which hackers stole trade secrets from its IT systems. The attack came from Southeast Asia and was aimed at gaining access to knowledge and research about steel technology from the company’s production and manufacturing plant. The attack was identified at an early stage, and the hackers did not attempt to tamper with production systems. The attack also did not damage property or endanger personal safety.
