Facebook enabled U2F for security reason
Facebook has enabled Fido-compliant Universal 2nd Factor Authentication (U2F). It allows users to log into Facebook with Yubikey – physical security. A hardware-based authentication would simplify, tighten and secure the Facebook platform. Many companies like Google, Dropbox, GitHub, and browsers like Chrome, and Opera already implement U2F technology. This authentication can be used to authenticate online services without requiring mobile connections and batteries. It can prevent phishing, man-in-middle and another type of attacks.
AlphaBay – a Dark Marketplace faced cyber attack
AlphaBay – a dark market place is under threat and hacker has exploited vulnerabilities in the internal mailing system of the website. AlphaBay has paid the hacker as hacker has hijacked 200,000 private messages. Hacker has access messages of buyer and seller, as messages were not encrypted. The messages included illegal drugs to exploits, malware and stolen data. Hacker has also posted five screenshots to prove that the website is hacked.
China put ban on use of VPNs
China has put a step forward and banned on mass VPNs, and made it hard for internet users to bypass Great Firewall of China. Great Firewall of China is a shield project to censor internet and block many foreign websites. The ministry of Industry and Information Technology launched a 14-month restriction on the usage of unverified web connections that includes VPN too. The new rule made use of VPN without prior approval of the government.
Around 4.2 Billion records were exposed in 2016
Risk Based Security brought a report, which said that around 4149 data breaches were done and half of them (47.5%) were done in the USA only. The total breaches exposed 4.2 billion records and 68.2% of records were from US citizens. There are different parts of the world where the data breaches were not reported, because they were not detected. The cases related to theft of credentials were declined in 2016 compared to year 2015.
Gmail stopped JavaScript file as email attachment
Gmail is going to stop attachment of JavaScript (.js) in email for security reason. JavaScript files may contain insidious threats, therefore; such files will not be allowed as an email attachment. Gmail will show a warning messages if the user attaches such a file. Google also suggested sharing such files via Google drive and cloud storage. JavaScript files have been exploited in recent malicious campaigns and that’s why the step to ban such files as attachment seems a good effort.