A take on the security news, week 01 2016

Fri 08 January 2016

A take on the security news, week 01 / 2016. I summarize some of the news that I considered noteworthy related to information security this week.

Monday

Check your sites header for security problems

A breakdown of various http-headers and what impact they have on the security of your site. When read and implemented you should be able to get a better grate on the securityheaders.io tests.

https://diogomonica.com/2015/12/29/from-double-f-to-double-a/

https://securityheaders.io/

Bicycle attack

https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf

Tuesday

Ransomware implemented in javascript, or ransomware as a service

Based on NW.js this javascript based ransomware has the potential to be crossplatform. Since NW.js is a legit framework they have also been slipping under the radar when it comes to detection by anti virus/malware products.

Full breakdown in the article linked to below.

http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/

Android january updates

5 vulnerabilities rated as critical, which one of them is an remote code execution vulnerability. This vulnerability is exploitable through email, web and mms when processing media files.

Patch for Nexus devices are already released, other brands will have to wait for carriers / oems to release updates.

http://source.android.com/security/bulletin/2016-01-01.html

Cisco Jabber STARTTLS Downgrade Vulnerability

A vulnerability in the Cisco Jabber client could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab

Wednesday

Thursday

Friday

Tagged as : security