Microsoft is Banning Commonly Used Passwords
After the LinkedIn breach, Microsoft has banned commonly used passwords. Microsoft analyzes nearly 10 million breached accounts on a daily basis to update its banned password list. The aim is to prevent users from reusing passwords that are already on attackers' lists. Microsoft's Azure AD Identity Protection team is rolling out this feature in Azure Active Directory in the next few months. Microsoft has also published guidance on password usage.
SWIFT Hackers Have Also Targeted a Philippines Bank
SWIFT hackers have now targeted a Philippines bank with the same malware that was used against Bangladesh Bank and in the Tien Phong Bank heist. Over the last few months, hackers have been targeting SWIFT, a system designed for inter-bank communication. Symantec found that the hackers used code similar to malware already used in previous attacks on the financial industry. Symantec has identified the types of malware in the South-East Asia attacks: Backdoor.Fimlis, Backdoor.Fimlis.B, Backdoor.Contopee, and Trojan.Banswift (a variant of Backdoor.Contopee).
Around 18.29% of Alexa Websites Have Not Patched OpenSSL Flaws
High-Tech Bridge Security found that many companies are still not taking OpenSSL patches seriously, leaving their servers vulnerable to HTTPS MITM attacks. The company studied the top 10K Alexa websites. Since last year, OpenSSL has become more conscious about security fixes and new version releases. Of the websites studied, 18.29% are vulnerable to the OpenSSL flaw, while 62.58% were patched and only 19.13% were partially patched.
MySpace Suffered a Data Breach
LeakedSource, which manages an online database of credentials, has revealed that hackers have exposed MySpace data of around 427 million users. The breached data includes 360,213,024 records containing usernames, email addresses, and passwords. Not all breached passwords were linked to accounts; some accounts had secondary passwords, while a few accounts had no primary password. Passwords were hashed with the SHA-1 algorithm, but they were not salted.
FBI Received Highest Number of Ransomware Complaints
According to the FBI's IC3 (Internet Crime Complaint Center) report, the FBI received 2,453 ransomware infection complaints. Ransomware infections caused around $1.6 million in damage to affected companies. However, the FBI report includes only the official complaints that the department received, so the actual number may differ. In addition, there were 21,949 identity theft complaints, 12,509 confidence fraud complaints, and 7,837 business email compromise complaints.
Google is Planning to Replace Passwords with TrustAPI Feature
Google has announced TrustAPI at the Google I/O conference; it is intended to replace the complicated and outdated login and password mechanism for Android apps. TrustAPI testing will begin in June with financial institutions. The new technology works on biometric indicators such as face shape, voice, movements, and typing habits. The software will run in the background on the mobile device and track the user's movements. TrustAPI will be available for organizations to verify a person's identity.