ClickSSL Weekly InfoSec Snipper March 28, 2016

Facebook is going to introduce Alert for Facebook Impersonation

To prevent online harassment, especially of women users, Facebook is working on a feature that will inform users about cloned accounts, according to Mashable. Cyber prowlers imitate Facebook users and act on their behalf until the user notices and reports it to Facebook. Facebook will automatically send an alert to the original user about the fake profile pretending to be their own. The new feature will look for the same name and profile picture to identify cloned accounts. It is believed that Facebook will use face recognition technology to identify profile duplication.

Gmail will warn about State-Backed Hackers

Google has introduced a new state-backed hackers notification in Gmail. If government-backed attackers are trying to get your Google account password, Google will show a full-page warning with recommendations for your safety. However, this type of warning would cover less than 0.1% of users. Generally, policy makers, journalists, and activists would be the ones to receive such a warning. Receiving such a notification does not mean that the account has been hijacked, but that the user may be a potential target of phishing or malware.

Companies are not sure they can recover Data after a Ransomware Attack

According to a Tripwire survey, only 38% of businesses are capable of recovering crucial data after being hit by a ransomware attack. The survey questioned 200 security professionals on various topics. Around 49% of businesses were moderately confident about recovering their data, while the other 13% believed that ransomware could damage their business as well as critical data. 73% of respondents said that police stations, fire departments, and hospitals are among the sectors at high risk of ransomware attack. In addition, 53% of company bosses were not able to recognize phishing emails.

Web Application Attacks recorded High Growth

According to an Imperva report, the first half of 2015 saw a growth in web application attacks, including SQL injection and XSS exploits. The research team analyzed 22,850,023 alerts, which corresponded to around 297,954 attacks. The report found seven common attacks: SQL injection (SQLi), Remote File Inclusion (RFI), Directory Traversal (DT), Cross-Site Scripting (XSS), Comment Spamming (spam), Remote Command Execution (RCE), and Unauthorized File Uploads (FU). SQL injection attacks grew 3 times, while XSS attacks grew 2.5 times.

Around 10% rise in Cyber Security Incidents is Reported

The Office of Management and Budget (OMB) of the US government issued a report indicating an increase of around 10% in cyber security incidents. There were 77,183 reported incidents, compared to 69,851 incidents last year. The report also covered individual evaluations of information security programs and practices and found that areas such as configuration management, identity and access management, and risk management practices need improvement.

88% of Malicious Traffic is because of Advanced Persistent Bots

Distil Networks found that in 2015, around 46% of all internet traffic came from bots, with 18% found to be malicious bots. There was an increase in Advanced Persistent Bots (APBs), which are responsible for 88% of all malicious bot traffic. APBs can imitate human behavior and perform various technical activities such as loading JavaScript and external assets, spoofing IP addresses, and tampering with cookies. Most bots were aimed at medium-sized businesses, at a ratio of 26% of the entire traffic.

SMTP STS – New Email Protocol is on the Way

Independent security researchers and Silicon Valley technical experts have proposed a new email protocol named SMTP STS (Strict Transport Security). The new protocol will strengthen SMTP against SSL downgrade and MITM attacks. Under SMTP STS, the two servers validate each other and run in a tamper-proof environment. A few big companies, including Microsoft, Google, Yahoo, LinkedIn, and Comcast, have supported this proposal.

Insider Theft remained an Issue in UK and USA Companies

SailPoint, an identity and access management firm, has surveyed over 1000 employees in the UK, USA, France, Germany, Austria, and the Netherlands about insider theft. The survey showed that one in five employees might sell their corporate passwords if offered the right price. Some respondents might sell their passwords for €900. Nearly 65% of all respondents said that they could reuse the same password on multiple work-related apps. Around 32% of employees were likely to share their corporate passwords with co-workers.

