ClickSSL Weekly InfoSec Snipper February 22, 2016

This entry is part 11 of 73 in the series Weekly Infosec Snipper

Norton Antivirus Is the Top-Line Antivirus, AV-Test Says

AV-Test has published its research on the best antivirus products, which is based on two categories: for users and for corporate users. Symantec won awards in two categories with its Norton Security antivirus program. On performance, there was a tie between Kaspersky and Bitdefender; these two antivirus products had a low impact on Windows PC speed. For usability and ease of interface, there was a tie between the Kaspersky and Avira antivirus products. Bitdefender received the award for best performance among Android antivirus products.

W3C Puts Effort into Creating a Universal Authentication Technique

The World Wide Web Consortium (W3C) has announced a group that will work on a new web authentication mechanism to replace the old username-password technique. The group has to create a universal authentication system that uses strong and open cryptography. The new system should be easy to use and implement so that webmasters can adopt it as an alternative authentication technique. The group is working on new APIs for a passwordless solution.

Microsoft Careers Website Patched a Bug That Leaked a MongoDB Database

Microsoft has recently fixed a bug that was responsible for database leakage on the mobile version of its Careers website (m.careersatmicrosoft.com). Security researcher Mr. Vickery has been hunting down companies that deployed misconfigured MongoDB databases online. Microsoft hired the company Punchkick to handle the database, but for the last few weeks the database had been exposed without requiring any authentication. However, Punchkick patched the issue within one hour.

Thousands of WordPress Websites Were Used for a DDoS Attack

Sucuri published research on vulnerable WordPress websites that were used for a DDoS attack. Around 26K websites were abused to launch a Layer 7 DDoS attack. These sites made 10K to 11K HTTP requests per second against a single website and extended their capacity to 20K requests per second. The research revealed that any WordPress website can be used to launch an attack if its default pingback feature is enabled. These attacks consume a large amount of memory and CPU on PHP applications, content management systems (CMS) and databases. Keeping the pingback feature off on your website will not protect you from DDoS attacks, but it will stop your site from attacking others.


The University of Greenwich Has Fallen Victim to an Accidental Data Breach

The University of Greenwich suffered a data breach that exposed students’ details: names, addresses, dates of birth, mobile phone numbers, signatures and minute notes. One of the university's students found the data breach through a Google search and reported it to BBC News. Even emails between staff and students were breached. The university also contacted Google to remove cached copies of the data from the web.

NSA data center faces up to 300 million Cyber-attacks every day

Utah officials told KUTV that they are facing 300 million cyber-attacks per day. In 2010, the number of attacks was recorded at around 25K to 80K per day. Hackers targeted the NSA center, which is located near the city of Bluffdale. After Snowden's revelations about the data center, the number of cyber-attacks also increased. Even local hackers are trying to collect information from the local system and are targeting the NSA data center.

Cumulus: A Project Initiated to Track Phished Credentials

Bitglass published its report, named Cumulus “Where’s Your Data”, in which the company used watermarks to track fake data across the internet. The report revealed that Russia, China, and Brazil were access points for identity access. To track the data, the researchers created a fake identity for an employee of a retail bank, a Google Drive account and a web portal, along with real credit card data, and then leaked fake Google Apps credentials to the Dark Web to track the account activity. They found that the leaked data was accessed in 30 countries across six continents within two weeks.
