Tech firms are rushing to fix a disastrous security flaw, stemming from the US government’s requirement of lower encryption standards, that for over a decade left millions of users visiting 'secured' websites exposed to potential attacks.
Experts have discovered a massive flaw that allows attackers to decrypt HTTPS-protected traffic passing between millions of websites and users of vulnerable devices, including Android and Apple smartphones and tablets. Researchers found that some websites that use SSL or TLS protocols, including government ones, are vulnerable and could be tricked into setting up a connection through weak encryption keys.Read more
One more piece of malware adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014.
Experts reported that malvertising installs its own certificate and breaks SSL connections by creating a man-in-the-middle vulnerability that can be exploited by anyone to sniff traffic. Superfish makes Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. However, a new malware adware doesn’t contain the exact vulnerability as Superfish, it likely presents a bigger mess for users.Read more
File integrity monitoring, patching, key defence. Criminals are ransoming database backups, after compromising web applications to change databases' encryption settings. Security consultancy claimed the attacks start with an attack on a web site that yeilds acess to a database server.
Once in, attackers change the encryption settings used by the database and store the key on an HTTPS server somewhere, an operation that apparently escapes some admins' attention. To pull off the attack, the attackers remove the key from the remote server, at which point the website operator notices their site is down.Read more
With the continuous advancements made in technology, our online experiences are becoming more streamlined and seemingly user friendly.
We no longer require stationary desktop computers to access the Internet, but instead can reach the web through our laptops, smartphones, tablets and now, televisions. Smart TVs are one of the latest additions to the family of fun gadgets millions of people have their eyes on, but are they secure? In January 2014, there was a deeper dive into the safety of smart TVs by inspecting the televisions of major manufactures. Journalists were able to crack into the devices by messing with their SSL certificates.Read more
110 Reykjavik, Iceland