One in Twenty Android Devices is Pre Booted
Duo Security found that android devices are at risk as they found that one in twenty android devices is jailbroken. If Organization allows BYOD then it can put company data at risk in case the device is stolen or lost. Moreover, one in three users does not use passcode on the lock screen that allows attackers to access the full device. Even one in twenty iPhone users do not keep passcode on their iPhone device. For BYOD, one in twenty android devices is rooted while this number is one in 250 for iPhone devices.
Hanom1960 hacker exploited Colombian Government Sites
Colombian government websites are hacked by a hacker named Hanom1960. The hacker has stolen and leaked information from Colombia’s Ministry of Information Technologies & Communications and Ministry of National Education. The database contains username, hashed passwords, real names, emails, telephone numbers, birth dates, expert areas, employee codes. Around 2800 users’ data was leaked. The data also included ministry’s physical and digital assets.
HSBC bank faced DDoS Attack
UK based customers of HSBC bank found their banking portal was offline due to DDoS attack. However, the officials were managed to restore the system and the services had been resumed. The officials called law enforcement to investigate the attack and requested users to visit bank for any urgent banking transactions. Due to attack, HSBC announced that bank branches were opened on Saturday January 30 too.
Google Chrome will show Red Cross in Address bar for unencrypted site
Google chrome will add shiny Red Cross sign in the URL if the site is unencrypted. Google will implement this update in chrome in near future. The reason to add this sign is to make aware users that HTTP serves no security. Until now, Google is showing errors if anything is wrong with encryption but from now, Google will show a shiny cross in case of insecure site. If any users have Chrome 48, he/she will comprehend about this feature. Just open a new tab in Chrome and write path chrome://flags. Now, search for “Mark non-secure origins as non-secure” and change the option from default to “Mark non-secure origins as non-secure” it.
Android.Xiny Trojan affected Android Games
According to Dr. Web research, over 60 android games carry Android.Xiny malicious Trojan, which were uploaded by 30 different developers. This Trojan collected users’ personal information and sent to command and control server. The personal information contained IMEI, IMSI identifiers, country and language setting, mobile operator information, phone’s MAC address, OS version. Once the information is grabbed, the Trojan will display ads on user’s screen and increase its span by downloading other malicious apps.
Google Chrome 48 will show Site’s Encryption Status in a broad way
In Chromium project, Google chrome 48 brought a new feature reside in DevTools. Once the page is opened with CTRL+SHIFT+I command, browse the security tab where a user can see the encryption status for example, SSL errors, use of HTTP, etc. the security panel will show the connection information for every network request. The new DevTools security panel will show data about TLS certificate’s identity, modern protocol, cipher.
WhatsApp V3.0 Beta version will bring Two Privacy Features
WhatsApp is now bringing two new features in version 3.0. Javier Santos- a mobile developer who created the beta version for WhatsApp has discovered new features in control panel. The first feature is lock icon “Show security indicators” that will be put on encrypted conversations. This feature is a promotional action that promotes app’s secure chat ability. While the second new feature under Account section is “Share my account info”, it will send the user’s data to Facebook servers to enhance Facebook experience. These two settings are off by default, which can be turned on by users later.
EINSTEIN- a Firewall of Department of Homeland Security is found Ineffective
Department of Homeland Security found that the firewall named EINSTEIN is weak against detection and prevention of nation-state hacking. The secret federal audit revealed that EINSTEIN is ineffective against Nation state APT (Advanced persistent threats) and does not possess intrusion detection signatures. Many government departments like Energy and Veterans Affairs, the General Services Administration, the National Science Foundation and the Nuclear Regulatory Commission use this firewall to protect sensitive data. EINSTEIN identified only 6% of vulnerabilities related to Adobe Acrobat, Flash, IE, Java, and Microsoft Office.
