ClickSSL Weekly InfoSec Snipper December 21, 2015

This entry is part 3 of 73 in the series Weekly Infosec Snipper

Instagram hacked via Facebook bug bounty program

Security researcher Wesley Wineberg broke through Instagram's defenses while taking part in the Facebook bug bounty program. Acting on a tip from a friend, the researcher traced an Instagram admin panel (sensu.instagram.com) and found a remote code execution (RCE) vulnerability. The vulnerability allowed access to the service and its configuration files, which included a SQL database. The database included 60 accounts of Instagram and Facebook employees.

Microsoft SmartScreen Adds Drive-by Download Warning

Microsoft has released an update for the SmartScreen security system that will identify and alert users to drive-by download attacks. SmartScreen is a built-in feature of Windows, which was initially introduced in IE7 to defend against phishing and social engineering attacks. After a few amendments, SmartScreen is also enabled in the Edge browser. IE and Edge will now show a full-page warning with an image when they encounter a suspicious page hosting an exploit kit. The warning advises users to proceed with caution on such a malicious page.

Microsoft removed a few Root Certificate Authorities to strengthen Web Trust

After considering the opinions of some certificate authorities, Microsoft has decided to remove a few root certificate authorities. Software vendors and website owners use certificates from CAs that are included in the Microsoft root certificate program. The purpose of the Microsoft root certificate program is to establish trust on Windows devices. Microsoft updated the Trusted Root Certificate Program in June 2015, but after discussions with CAs, the new list will come into effect in January 2016. The new list will have no place for 25 root certificate authorities.

Comcast Users Faced a Large Malvertising Attack

According to Malwarebytes, the Comcast Xfinity portal has faced three types of threats in the past days: malware, an exploit kit, and tech support fraud. Some users complained that they were redirected to malicious ads that served ransomware through an exploit kit. In some cases, malicious ads were served via the Google AdWords service, showing ads titled “Direct TV compared to Comcast TV”. When a user clicked on the ad, it redirected to a malicious website where the exploit kit was hosted. The kit then scanned the user's system for loopholes and infected it with malware. Once a loophole was detected, the malicious website loaded another website pretending to be the Comcast Xfinity portal. The second site displayed a warning about a plug-in vulnerability and recommended that users call a number for technical help.

Microsoft Holds the Top Position Among Anti-malware Vendors

OPSWAT conducted research on anti-malware vendors in November of this year, and Microsoft holds the top position. The report showed Microsoft in first place with a 15.9% ratio, followed by Avast and Malwarebytes with 15% and 11.6% respectively. Symantec retained its position among the top five anti-malware providers with a 6.1% market share. In this survey, Windows Defender was treated as the default product of all Windows versions and was therefore not counted. The report also added that Mac devices have a lower level of security, with a 57.2% ratio compared to 71.5% for Windows devices.
