Data Security News Headlines 3rd March 2017

  1. Yahoo Reveals 32 Million Accounts Were Hacked Using ‘Cookie Forging Attack’

Yahoo account hacks are nothing new; Yahoo has been suffering from security issues for the last two years. Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack, without any password. A cookie is a little token that is stored in your browser when you go to a website. Think of all the times you checked a box that said “keep me logged in” or “remember me.” That’s storing a cookie in your browser. This allows the site to store some information and allows you to bypass efforts – such as logging in – each time you want to shop at Amazon or check your Facebook page or read an online subscription. Compromised data includes username, password, address, and phone number. These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in the last few months.

Cyber Security Tips: To protect against such forged cookies, keep your browser secure, make sure that your cookies are stored in an encrypted format, avoid ticking the “remember me” and “keep me logged in” checkboxes, and always keep your antivirus updated.

  2. Hundreds of Android Apps on Google Play Store Infected with Windows Malware

The use of Android phones is increasing day by day, and malware attacks are increasing too. According to news published in HackRead, the latest research analysis from security firm Palo Alto Networks revealed that around 132 Android apps on the Google Play Store contain malicious code. This could be due to the use of infected computers by the developers at the time of app development. Google has removed the apps from its Play Store while Palo Alto Networks suggest. Once installed, the apps containing the malicious code start displaying web pages that contain a hidden iframe, which creates a link between the device and two suspicious domains.

Cyber Security Tips: The infected apps have been removed from the Play Store by Google, but users are strongly advised never to install apps from untrusted sources.

  3. WordPress Plugin NextGEN Gallery Vulnerable to SQL Injection Attack

For the last few months WordPress has been suffering from security breaches in plugins. According to news published in HackRead, NextGEN Gallery is a free and open source image management plugin for the WordPress content management system. The bad news for website admins is that this plugin is vulnerable to SQL injection attacks. A web security firm, Sucuri, discovered that the NextGEN Gallery plugin for WordPress (WP) is affected by a severe SQL injection vulnerability, and attackers can access the targeted website’s database within minutes, including all the sensitive data. Version 2.1.79 of the NextGEN Gallery plugin is affected. There are two ways in which the vulnerability can be exploited, said Mr. Mihajloski. If a site uses this plugin and users are allowed to submit posts, an attacker can exploit the issue by executing malicious code via shortcodes; the other possibility is if a site uses the NextGEN basic tag cloud gallery, in which case it can be exploited by executing SQL queries by modifying the URL of the gallery.

Cyber Security Tips: Website admins are strongly advised to update the plugin to the latest version immediately.
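
The tag cloud route described above, where a value taken from the gallery URL ends up in a SQL query, shown as an added example that is not NextGEN Gallery's code and does not reproduce its actual flaw. The table, URL layout and function names are constructed for illustration with Python's sqlite3; the example puts string-built SQL beside the parameterized form.

```python
import sqlite3
from urllib.parse import urlparse, unquote

def build_db():
    """Constructed sample data: two public images and one private draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, title TEXT,"
                 " tag TEXT, private INTEGER)")
    conn.executemany(
        "INSERT INTO images (title, tag, private) VALUES (?, ?, ?)",
        [("beach.jpg", "summer", 0), ("lake.jpg", "summer", 0),
         ("draft.jpg", "internal", 1)])
    return conn

def tag_from_url(url):
    """Hypothetical URL layout: the tag is the last path segment."""
    return unquote(urlparse(url).path.rsplit("/", 1)[-1])

def images_by_tag_unsafe(conn, tag):
    # Vulnerable pattern: the URL value becomes part of the SQL text.
    sql = ("SELECT title FROM images WHERE private = 0 AND tag = '"
           + tag + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def images_by_tag_safe(conn, tag):
    # Hardened pattern: the value is bound as data, never parsed as SQL.
    sql = "SELECT title FROM images WHERE private = 0 AND tag = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (tag,))]

# Constructed URLs: a normal tag link and one with SQL syntax in the tag.
NORMAL_URL = "https://blog.example/gallery/tags/summer"
TAMPERED_URL = "https://blog.example/gallery/tags/x'%20OR%20'1'='1"

if __name__ == "__main__":
    conn = build_db()
    for url in (NORMAL_URL, TAMPERED_URL):
        tag = tag_from_url(url)
        print(repr(tag), images_by_tag_unsafe(conn, tag),
              images_by_tag_safe(conn, tag))
```

With the tampered URL the string-built query returns the private image as well, while the parameterized query treats the whole value as a tag name and returns nothing.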
