Instagram hacked via Facebook bug bounty program
Security researcher Wesley Wineberg has cracked the defenses of Instagram via the Facebook bug bounty program. The researcher got a tip from a friend, traced an Instagram admin panel (sensu.instagram.com), and found a remote code execution (RCE) vulnerability. The vulnerability allowed access to the service and its configuration files, along with a SQL database. The database included 60 accounts of Instagram and Facebook employees.
Microsoft SmartScreen adds drive-by download warning
Microsoft has released an update for the SmartScreen security system that will identify and alert on drive-by download attacks. SmartScreen is a built-in feature of Windows, initially introduced in IE7 to defend against phishing and social engineering attacks. After a few amendments, SmartScreen is enabled in the Edge browser. Now IE and Edge will show a full-page warning with an image when they encounter a suspicious page hosting a malicious exploit kit. The warning advises users to proceed with caution on such a page.
Microsoft removed a few root certificate authorities to strengthen web trust
After considering the opinions of some certificate authorities, Microsoft has decided to remove a few root certificate authorities. Software vendors and website owners rely on certificates from CAs that belong to the Microsoft root certificate program. The aim of the Microsoft root certificate program is to establish trust on Windows devices. In June 2015, Microsoft updated the Trusted Root Certificate Program, but after discussions with CAs, the new list will come into effect from January 2016. The new list will have no place for 25 root certificate authorities.
Comcast users faced large malvertising attack
According to Malwarebytes, the Comcast Xfinity portal has faced three types of threats in the past days: malware, an exploit kit and tech support fraud. Some users complained that they were redirected to malicious ads that served ransomware through an exploit kit. In some results, malicious ads were served via the Google AdWords service, showing ads titled “Direct TV compared to Comcast TV”. When a user clicked on the ad, it redirected to a malicious website where an exploit kit was hosted. The kit then scanned for loopholes in the user's system and infected it with malware. Once a loophole was detected, the malicious website loaded another website pretending to be the Comcast Xfinity portal. The second site displayed a warning about a plug-in vulnerability and recommended that users call a number for technical help.
Microsoft is in top position among anti-malware vendors
OPSWAT conducted research on anti-malware vendors in November of this year, and Microsoft is in the top position. The report showed that Microsoft is in first position with a 15.9% share, while Avast and Malwarebytes followed with 15% and 11.6%. Symantec retained its position among the top five anti-malware providers with a 6.1% market share. In this survey, Windows Defender was treated as the default product of all Windows versions and hence was not counted. The report also added that Mac devices have a lower level of security, with a 57.2% ratio compared to 71.5% for Windows devices.