CloudFlare Websites Leaked Users’ Private Session
Google researchers have discovered a bug in CloudFlare websites that leaked users’ private session keys and personal information into stranger’s browsers. CloudFlare managed to fix this issue within seven hours. About 2 million websites got affected with this vulnerability. CloudFlare disabled three features while fixing this issue like email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites. All these using HTML parser chain which producing the leakage.
Banking Trojan Rose By 30% In 2016, Says Kaspersky
According to Kaspersky research, the users affected with Banking Trojans had increased by 30% and reached to 1 million. Out of these, 17% users were belonged to corporate users. The users reside in Russia, Germany, Japan, India, Vietnam and the united States were mostly targeted in this type of attack. Zbot – a Trojan was on the top position that affected 44% of users. Then Gozi family- a Trojan was on second with following Nymaim, Shiotob, ZAccess, Tinba and Shiz Trojans.
Mozilla Will Sunset The Use Of SHA-1 In Version-52
Mozilla has finally sunset the use of SHA-1 in public web. The deprecation plan for SHA-1 was announced in 2015 and the browser authority is going to release 52-version to disable SHA-1 algorithm. Mozilla believes that the update will affect only 0.1% web traffic that is still using SHA-1. Google has also made steps in deprecating SHA-1 algorithm.
The USA Country Is On Top Position In Spam Mail, Says Kaspersky
According to Kaspersky report, the last year’s fourth quarter, a fifth of all spam mails carried ransomware. The volume of spam emails rose to 58% in 2016 that is 3% high than in 2015. The USA was remained main source of spam mails that spread across its 50 states. The second position is Vietnam with 10.3% ratio while the third position goes to India with 10.15% spam mail ratio. While Germany was mostly affected country with 14% ratio and second country is Japan with 7.6% ratio.
Removal Of Admin Rights Can Solve 94% Critical Vulnerabilities
According to Avecto research – a software company revealed that removal of admin rights could mitigate 94% of Windows vulnerability. During 2016 year, 530 vulnerabilities were reported and out of them 189 were critical vulnerabilities. If we talk about browser, Microsoft faced remote code execution vulnerabilities; out of it, 70% were critical vulnerabilities. Even Microsoft Edge faced 111 vulnerabilities and out of it, 68 were found critical. All these vulnerabilities could have been mitigated just by removal of admin rights.
Kaspersky Launched Its OS Finally
Kaspersky finally launched its Operating System that is based on Microkernel architecture that is useful for network devices, industrial control systems and the Internet of Things. The OS is not for home PC but is for industrial systems and embedded devices to protect from cyber-attacks and third party or malicious code execution. The new OS has strict cyber security requirements that could reduce the risk of cyber-attacks targeting ICS or IoT devices.
