Security Alerts & News
by Tymoteusz A. Góral

#1237 Google domain enables HSTS protection
Google is adding HTTP Strict Transport Security (or HSTS) to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection.

By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS version of the Google domain. The effort, announced Friday, is meant to protect against protocol downgrade attacks, session hijacking and man-in-the-middle attacks that exploit insecure web connections.

“HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites,” wrote Jay Brown, a senior technical program manager for security at Google, in a blog post on Friday.

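As an added illustration of the client-side behaviour the quote describes (example code written for this digest, not Google's or any browser's implementation; host names and header values are constructed), here is a small model of an HSTS cache that records a Strict-Transport-Security policy and rewrites later http:// URLs to https://, covering the includeSubDomains and max-age expiry rules from RFC 6797:

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit


class HstsCache:
    """Remembers hosts that sent Strict-Transport-Security over HTTPS (model only)."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._policies = {}        # host -> (expires_at, include_subdomains)

    def record(self, host, header_value, over_https=True):
        """Parse an STS header from `host` and store the policy.
        RFC 6797: the header must be ignored when it did not arrive over HTTPS."""
        if not over_https:
            return False
        m = re.search(r"max-age\s*=\s*\"?(\d+)\"?", header_value, re.I)
        if not m:
            return False           # no max-age means no usable policy
        max_age = int(m.group(1))
        if max_age == 0:           # max-age=0 tells the client to forget the host
            self._policies.pop(host.lower(), None)
            return True
        include_sub = re.search(r"(?:^|;)\s*includeSubDomains\s*(?:;|$)",
                                header_value, re.I) is not None
        self._policies[host.lower()] = (self._now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a parent domain with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None:
                continue
            expires_at, include_sub = policy
            if expires_at > self._now() and (i == 0 or include_sub):
                return True
        return False

    def upgrade(self, url):
        """Rewrite an http:// URL to https:// when the host is a known HSTS host."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname or ""):
            return url
        netloc = parts.hostname
        if parts.port and parts.port != 80:   # port 80 becomes 443, other ports are kept
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```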
#1236 Kaspersky DDoS Intelligence Report for Q2 2016
The second quarter of 2016 saw cybercriminals paying close attention to financial institutions working with cryptocurrency. Several of these organizations cited DDoS attacks as the reason for ceasing their activities. Intense competition leads to the use of unfair methods, one of which is the use of DDoS attacks. A strong interest on the part of the attackers is due to a particular feature of the businesses involved in processing cryptocurrency – not everyone is happy about the lack of regulation when it comes to cryptocurrency turnover.

Another trend is the use of vulnerable IoT devices in botnets to launch DDoS attacks. In one of our earlier reports, we wrote about the emergence of a botnet consisting of CCTV cameras; the second quarter of 2016 saw a certain amount of interest in these devices among botnet organizers. It is possible that by the end of this year the world will have heard about some even more “exotic” botnets, including vulnerable IoT devices.

#1235 Attack with WPAD protocol and PAC files can leak HTTPS traffic
Alex Chapman and Paul Stone from Context, a UK cyber security consultancy firm, have discovered a new attack method using the WPAD protocol and PAC files to leak information about the HTTPS sites a user is visiting.

Their finding is the latest in a long line of attacks that abuse WPAD, a protocol whose weaknesses are well known.

WPAD stands for Web Proxy Auto-Discovery and is the mechanism by which clients on a network locate their proxy configuration. That configuration is delivered as a PAC file (proxy auto-config), a script that browsers and other Internet-connecting apps fetch and evaluate to decide which proxy, if any, each request should go through. Because the script is handed the full URL of every request before the proxy decision is made, a PAC file served by an attacker can observe the HTTPS URLs a user visits; on networks where automatic proxy discovery is not needed, disabling it removes this exposure.