Time Warner doubted about Password Breach
Time Warner Cable is suspecting of password breach of around 320K customers data. In this breach, hackers might have collected email passwords by compromising customers’ computers or passcodes. However, the company is still probing about the real method of password breach but there are no indications yet found by the relevant authority. Company officials also sent emails to customers to change passwords. The database includes usernames, e-mail addresses, securely hashed passwords, and encrypted two-factor sources.
Google Banned 13 Malicious Android Apps
Google has banned 13 android apps after finding the fact that these apps were compelling unauthorized downloads as well attempted to gain root exclusive right and make factory reset. According to Lookout security, Honeycomb was one of malicious apps, which had been downloaded by million times, before it was removed. The apps were rated highly and having large number of downloads. These apps were hosted in Google Play Store, which were part of malware family named Brain Test.
Mozilla drawn back support to SHA-1 Certificates
Because of security issues, Mozilla warned its users about its withdrawal of support to SHA-1 certificates. These certificates caused side effects like Man-in-the-middle attack, prevent some antivirus products and security scanners to connect to HTTPS site. However, Mozilla has banned SHA-1 algorithm from January 1 2016. Mozilla advised users to upgrade their browser to the latest version that restore the support for SHA-1.
Mozilla adds W^X Security feature in Firefox
Mozilla has added a new W^X (Write XOR Execute) security feature to protect against buffer flaw in Mozilla. This security feature is present in OpenBSD operating system and Firefox has ported inside its JIT (Just-In-Time) code compiler. This feature assures that whenever arbitrary code will be injected, the Firefox will not blindly run, but will crash soon. Firefox also offered RWX (Read-Write-Execute) permission, which can exploit bugs easily. For regular users, they will see slight delay due to switching from a writeable to an executable memory state.
Chinese Bank Users faced SMS Phishing Campaign
Chinese bank users faced phishing text threat, which pretended to be coming from legitimate bank’s official number. Attacker sends an easy text message to bulk users. This SMS contained a fake website where these fake websites asked users to input bank account and mobile phone number along with bank account login password. When users input their details attackers capture money from their account. The sad thing is that attacker used official bank number, so the message seems legitimate. This SMS was labelled as SMS/Smishing.D. by Intel Security and McAfee Mobile Security.
