ClickSSL Weekly InfoSec Snipper May 30, 2016

This entry is part 25 of 73 in the series Weekly Infosec Snipper

Microsoft is Banning Commonly used Passwords

After LinkedIn breach, Microsoft has banned commonly used passwords. Microsoft is analyzing near 10 million breached accounts on daily base to update their banned password list. The motto of doing so is to prevent users from reusing password already in attacker’s list. Azure AD Identity Protection team of Microsoft is now rolling out this feature in Azure Active Directory in few months. Microsoft has also introduced a guidance regarding password usage.

SWIFT Hackers have also Targeted Philippines Bank

SWIFT hackers have now targeted Philippines bank with the same malware, which was used against Bangladesh Bank and Tien Phong bank heist. Last few months, hackers have been targeting SWIFT- a system designed for inter-bank communication network. Symantec identified that hackers used similar code with malware already used in previous attacks on financial industry. Symantec has identified types of malware in South-East Asia attacks, which are Backdoor.Fimlis, Backdoor.Fimlis.B, Backdoor.Contopee, and Trojan.Banswift (variant of Backdoor.Contopee).

Around 18.29%, Alexa Websites have not patched OpenSSL Flaws

High-Tech Bridge Security analyzed that many companies are not still taking OpenSSL patches seriously and remain their servers vulnerable to HTTPS MITM attack. The company researched on top 10K Alexa websites. Since the last year, OpenSSL became more conscious about security fixes, new version release. There are 18.29% websites are vulnerable to OpenSSL flaw, while 62.58% websites were patched and only 19.13% sites were partially patched.

Cheap SSL

MySpace Suffered from Data Breach

LeakedSource that manages online database of credentials have revealed that hackers have exposed MySpace data of around 427 million users. The breached data includes data of 360,213,024 related to username, email addresses, passwords. Not all breached passwords were linked to accounts and out of them; some accounts had secondary passwords while few accounts have no primary passwords. Passwords were encrypted with SHA-1 algorithm but they were not salted.

FBI received Highest Number of Ransomware Complaints

According to FBI’s IC3 (Internet Crime Complaint Center) report states that FBI received 2,453 number of Ransomware infection complaints. Ransomware infection caused damage around $1.6 million to affected companies. However, FBI report includes only official complaints that the department received, however the actual number varies. Besides, there was Identity theft with 21,949 complaints, confidence fraud with 12,509 complaints, and business email compromise with 7,837 complaints.

Google is planning to replace password with TrustAPI Feature

Google has announced TrustAPI at Google I/O conference that will replace complicated and outdated login & password mechanism for android apps. However, TrustAPI technology will begin test from June on financial institutions. The new technology works on biometric indicators like face shape, voice, movements, typing habit, etc. The software will work in mobile’s background and track user’s movements. TrustAPI will be available for organization to identify other person’s identity.

Series Navigation<< ClickSSL Weekly InfoSec Snipper May 23, 2016ClickSSL Weekly InfoSec Snipper June 06, 2016 >>
 

We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.