ClickSSL Weekly InfoSec Snipper January 30, 2017

This entry is part 59 of 73 in the series Weekly Infosec Snipper

Facebook enabled U2F for security reason

Facebook has enabled Fido-compliant Universal 2nd Factor Authentication (U2F). It allows users to log into Facebook with Yubikey – physical security. A hardware-based authentication would simplify, tighten and secure the Facebook platform. Many companies like Google, Dropbox, GitHub, and browsers like Chrome, and Opera already implement U2F technology. This authentication can be used to authenticate online services without requiring mobile connections and batteries. It can prevent phishing, man-in-middle and another type of attacks.

AlphaBay – a Dark Marketplace faced cyber attack

AlphaBay – a dark market place is under threat and hacker has exploited vulnerabilities in the internal mailing system of the website. AlphaBay has paid the hacker as hacker has hijacked 200,000 private messages. Hacker has access messages of buyer and seller, as messages were not encrypted. The messages included illegal drugs to exploits, malware and stolen data. Hacker has also posted five screenshots to prove that the website is hacked.

China put ban on use of VPNs

China has put a step forward and banned on mass VPNs, and made it hard for internet users to bypass Great Firewall of China. Great Firewall of China is a shield project to censor internet and block many foreign websites. The ministry of Industry and Information Technology launched a 14-month restriction on the usage of unverified web connections that includes VPN too. The new rule made use of VPN without prior approval of the government.

Cheap SSL

Around 4.2 Billion records were exposed in 2016

Risk Based Security brought a report, which said that around 4149 data breaches were done and half of them (47.5%) were done in the USA only. The total breaches exposed 4.2 billion records and 68.2% of records were from US citizens. There are different parts of the world where the data breaches were not reported, because they were not detected. The cases related to theft of credentials were declined in 2016 compared to year 2015.

Gmail stopped JavaScript file as email attachment

Gmail is going to stop attachment of JavaScript (.js) in email for security reason. JavaScript files may contain insidious threats, therefore; such files will not be allowed as an email attachment. Gmail will show a warning messages if the user attaches such a file. Google also suggested sharing such files via Google drive and cloud storage. JavaScript files have been exploited in recent malicious campaigns and that’s why the step to ban such files as attachment seems a good effort.

Series Navigation<< ClickSSL Weekly InfoSec Snipper January 23, 2017ClickSSL Weekly InfoSec Snipper February 6, 2017 >>
 

We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.