ClickSSL Weekly InfoSec Snipper January 11, 2016

Time Warner doubted about Password Breach

Time Warner Cable is suspecting of password breach of around 320K customers data. In this breach, hackers might have collected email passwords by compromising customers’ computers or passcodes. However, the company is still probing about the real method of password breach but there are no indications yet found by the relevant authority. Company officials also sent emails to customers to change passwords. The database includes usernames, e-mail addresses, securely hashed passwords, and encrypted two-factor sources.

Google Banned 13 Malicious Android Apps

Google has banned 13 android apps after finding the fact that these apps were compelling unauthorized downloads as well attempted to gain root exclusive right and make factory reset. According to Lookout security, Honeycomb was one of malicious apps, which had been downloaded by million times, before it was removed. The apps were rated highly and having large number of downloads. These apps were hosted in Google Play Store, which were part of malware family named Brain Test.

Mozilla drawn back support to SHA-1 Certificates

Because of security issues, Mozilla warned its users about its withdrawal of support to SHA-1 certificates. These certificates caused side effects like Man-in-the-middle attack, prevent some antivirus products and security scanners to connect to HTTPS site. However, Mozilla has banned SHA-1 algorithm from January 1 2016. Mozilla advised users to upgrade their browser to the latest version that restore the support for SHA-1.

Cheap SSL

Mozilla adds W^X Security feature in Firefox

Mozilla has added a new W^X (Write XOR Execute) security feature to protect against buffer flaw in Mozilla. This security feature is present in OpenBSD operating system and Firefox has ported inside its JIT (Just-In-Time) code compiler. This feature assures that whenever arbitrary code will be injected, the Firefox will not blindly run, but will crash soon. Firefox also offered RWX (Read-Write-Execute) permission, which can exploit bugs easily. For regular users, they will see slight delay due to switching from a writeable to an executable memory state.

Chinese Bank Users faced SMS Phishing Campaign

Chinese bank users faced phishing text threat, which pretended to be coming from legitimate bank’s official number. Attacker sends an easy text message to bulk users. This SMS contained a fake website where these fake websites asked users to input bank account and mobile phone number along with bank account login password. When users input their details attackers capture money from their account. The sad thing is that attacker used official bank number, so the message seems legitimate. This SMS was labelled as SMS/Smishing.D. by Intel Security and McAfee Mobile Security.


We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.