ClickSSL Weekly InfoSec Snipper July 25, 2016

This entry is part 33 of 73 in the series Weekly Infosec Snipper

Digital Extremes, a Gaming Company, Suffers a Data Breach

The gaming company Digital Extremes has announced a data breach that occurred on its main website. The attacker used the Drupalgeddon SQL injection vulnerability (CVE-2014-3704) to break into the website and stole 775,749 user records. The Drupal installation was used to register players and collect various user data. Digital Extremes has announced that it will add 2FA support for the forum and has asked users to change their passwords.

Cross-site scripting vulnerability found in WooCommerce

A security researcher from Securify, a Dutch security company, has found a vulnerability in WooCommerce, an e-commerce plugin for WordPress. The discovery was part of the Summer of Pwnage event taking place in July. WooCommerce pulls metadata from uploaded images and uses it for the title and description fields, which are shown as captions on the store's front end. An attacker has to inject an XSS payload into the metadata field and trick the store admin into using the malicious image on a product's main page. The company has since patched the vulnerability.

Ransomware Is Increasing, Says Symantec Report

Symantec has published a report that highlights the rising number of ransomware infections in corporations. Symantec discovered 100 new ransomware families, and the average ransom demand has risen to $679 from $294 in 2015. In January 2016, a new ransomware named 7ev3n-HONE$T came to light that demanded a ransom of 13 bitcoins, which comes to $5083. Ransomware mostly affects the US, and among industries, public administration, finance, insurance and real estate were at the top of the list of infected sectors.

GSM and LTE Mobile Networks are Vulnerable

GSM and LTE mobile networks are vulnerable to an RCE (remote code execution) flaw that allows attackers to gain access to the equipment. The vulnerability was found in the ASN1C code compiler, which is used in software applications that manage and interconnect mobile networks across the globe. The flaw was discovered during an audit of Objective Systems, which ships ASN1C equipment. The vulnerability is a heap-based buffer overflow that allows an attacker to run code on affected systems without requiring authentication on the device.

DDoS Attack Reaches 579 Gbps Bandwidth

Arbor Networks recorded a DDoS attack of 579 Gbps, the highest bandwidth seen, during the first half of 2016. The earlier attack was 500 Gbps. However, the Arbor report shows that the average attack bandwidth was 986 Mbps. The report says that 80% of attacks were small to medium in size, while 46 attacks were above 200 Gbps. The USA, France, and Britain were the top targets for attacks that reached more than 10 Gbps.

Verizon Is Likely to Buy Yahoo's Core Business

The telecommunications giant Verizon is planning to buy Yahoo's core business for $5 billion. However, it is not yet clear which assets would be part of this agreement. A Yahoo spokesperson refused to comment further on the deal. It is believed that the reason for buying Yahoo is to compete with Google and Facebook in the mobile advertising market. Verizon's growth in the traditional telecom business has declined, and with this deal the company can cover the digital advertising market.
