ClickSSL Weekly Infosec Snipper December 14, 2015

This entry is part 2 of 73 in the series Weekly Infosec Snipper

Corporate PCs are at risk due to rise in Ransomware

Kaspersky carried out a report, shows that the year of 2015 was dedicated to cyber-attacks, around 58% of all corporate PCs had been infected once in a year with malware. The ratio of infection in the past year 2014 was settled at 55%, which shows a 3% increase in cyber attack. Attackers have used office related software to take-off attacks. Around, 29% attacks affected corporate networks while 41% attacks infected local networks. Even, ransomware was on rise and it has infected around 51K business workstations.

Janet- A UK Academic Network suffered from DDoS Attack

UK Academic Network is suffered from DDoS attack. The network named Janet hit by attackers on December 4 and continued until December 8, 2015. The network administrators were successful in avoiding the attack in its initial phase by taking proper counter measures. However, during the attack, the Janet network was working slow or partially inactive but it is now fully activated.

Four Airlines are not using HTTPS for Web Transactions

According to Wandera research, four major airline companies are not using encryption for online transactions. Companies are not using encryption for their mobile version website and applications. During research, Wandera researchers exposed personal identifiable information, credit card numbers. Some of companies that are not using encryption like Aer Lingus (Ireland, airline), Air Canada (Canada, airline), AirAsia (Malaysia, airline), easyJet (UK, airline). However, after this research, EasyJet has fixed encryption issue. Wandera has presented a short video of this research.

Cheap SSL

WP-Engine faced Data Breach

A WordPress hosting provider named WP Engine has suffered from data breach, and the client credentials were exposed in this breach. The company has no detail about the technical fault and started investigation to reveal the source of attack. The hosting provider has also reset the passwords for its customers. The company insisted on changing passwords for WP Engine User Portal Password, SFTP password, original WP-Admin password, and the password for transferable installation and password protected installation.

Google Cloud Platform served Banking Trojan

Google Cloud platform was used by cyber criminals to host Telax banking Trojan, which was lately detected by Zscaler’s security team. The campaign was targeting Portuguese speaking Brazil users that tricked users into clicking on a malicious bit.ly link. To entice users, attackers were offering free vouchers, coupons and free version of WhatsApp and Avast. Once the user clicked, the download would start with .com and .exe file and install a payload downloader, which can install powerful more viruses on system later on. However, Google has taken down the campaign, which was active between October 19 and October 30, 2015.

Facebook and Cloudflare urged to continue SHA-1 certificate

Facebook and Cloudflare are in mood to continue SHA-1 algorithm in old browsers. The reason behind this decision is the usage of old browsers by 37 million people in the world. Therefore, migrating to SHA-2 algorithm could leave these users without having access of HTTPS websites. Most of people residing in China, Iran, Nepal, and Africans are using old internet enabled mobile phones or old desktop like Windows XP. Both Facebook and Cloudflare proposed the CA/B forum an alternate option where users can use SHA-1 certificate if the browser is older and not capable of functioning with SHA-2 algorithm.

Chrome App will show an alert message about malicious Site

Chrome app on Android will show an alert message if any site is found malicious. Google’s Safe browsing feature is enabled on Android OS and is directly integrated into Google Play Service so all apps can easily use it. With the rising adware and mobile threats, Google has taken this wise step for users’ safety. In past, there was no support for ad blocking, so once the ad is clicked, it can install risky malware, but with this update Chrome users will have a chance to avoid deceptive sites.

Series Navigation<< ClickSSL Weekly Infosec Snipper December 7, 2015ClickSSL Weekly InfoSec Snipper December 21, 2015 >>
 

We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.