Facebook is going to introduce Alert for Facebook Impersonation
To prevent online harassment, especially of women users, Facebook is working on a feature that will inform users about cloned accounts, according to Mashable. Cyber prowlers imitate Facebook users and act on their behalf until the user finds the clone and reports it to Facebook. Facebook will automatically send an alert to the original user about the fake profile pretending to be their original profile. The new feature will rely on a matching name and profile picture to identify cloned accounts. It is believed that Facebook will use face recognition technology to identify profile duplication.
Gmail will warn about State Backed Hackers
Google has introduced a new notification in Gmail about state-backed hackers. If government-backed attackers are trying to get your Google account password, Google will show a full-page warning with recommendations for your safety. However, this type of warning would cover less than 0.1% of users. Generally, policy makers, journalists, and activists would be the ones to receive such a warning. Receiving such a notification does not mean that the account has been hijacked, but that the user may be a potential target of phishing or malware.
Companies are not sure of recovering Data after a Ransomware Attack
According to a Tripwire survey, only 38% of businesses are capable of recovering crucial data after being hit by a ransomware attack. The survey covered 200 security professionals on various topics. Around 49% of businesses believed that they were moderately confident about recovering their data, while the other 13% believed that ransomware could damage their business as well as critical data. 73% of respondents indicated that police stations, fire departments, and hospitals are among the sectors at high risk of ransomware attack. Besides, 53% of company bosses were not able to recognize phishing emails.
Web Application Attacks recorded High Growth
According to an Imperva report, the first half of 2015 saw growth in web application attacks, including SQL injection and XSS exploits. The research team analyzed 22,850,023 alerts, which corresponded to around 297,954 attacks. The report found seven common attacks: SQL injection (SQL), Remote File Inclusion (RFI), Directory Traversal (DT), Cross-Site Scripting (XSS), Comment Spamming (spam), Remote Command Execution (RCE), and Unauthorized File Uploads (FU). SQL injection grew 3 times, while XSS attacks grew 2.5 times.
Around 10% rise in Cyber Security Incidents is Reported
The Office of Management and Budget (OMB) of the US government produced a report stating that cyber security incidents increased by around 10%. There were 77,183 reported incidents compared to 69,851 incidents last year. The report covered individual evaluations of information security programs and practices and found that areas such as configuration management, identity and access management, and risk management practices need improvement.
88% of Malicious Traffic is because of Advanced Persistent Bots
SMTP STS – New Email Protocol is on the Way
Independent security researchers and Silicon Valley technical experts have proposed a new email protocol named SMTP STS (Strict Transport Security). The new protocol will strengthen SMTP against SSL downgrade and MITM attacks. SMTP STS will work with the two servers validating each other and running in a tamper-proof environment. A few big companies such as Microsoft, Google, Yahoo, LinkedIn, and Comcast have supported this proposal.
Insider Theft remained an Issue in UK and USA Companies
SailPoint, an identity and access management firm, has surveyed over 1000 employees in the UK, USA, France, Germany, Austria, and the Netherlands about insider theft. The survey showed that one in five employees might sell their corporate passwords if they were offered the right price. Some respondents might sell their passwords for a price of €900. Nearly 65% of all respondents said that they could reuse the password on multiple work-related apps. Around 32% of employees were likely to share their corporate passwords with other co-workers.