Security News

Increased activity surrounding stolen data on the dark web
2021-10-21 03:30

Dark web activity the value of stolen data and cybercriminal behaviors, have dramatically evolved in recent years, according to a Bitglass research. Stolen data has a wider reach and moves more quickly Breach data received over 13,200 views in 2021 vs. 1,100 views in 2015 - a 1,100% increase.

You've heard of HTTPS. Now get a load of HTTPA: Web services in verified remote trusted environments?
2021-10-20 01:25

In a paper distributed this month through ArXiv, they describe a HTTP protocol called HTTPS Attestable to enhance online security with remote attestation - a way for apps to obtain an assurance that data will be handled by trusted software in secure execution environments. "We propose a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage requested data for selected HTTP domains," they say.

How to keep your data off the Dark Web
2021-10-19 14:29

Data is a hot commodity on the Dark Web where people buy and sell sensitive information, much of it stolen through network breaches. A report released Tuesday by security provider Bitglass looks at how stolen data winds up on the Dark Web and offers advice on what you can do to better protect yourself and your organization.

Brave web browser will add bounce tracking privacy protection
2021-10-15 13:37

Brave, the privacy-conscious web browser, has announced plans to introduce additional privacy protections against 'bounce tracking,' a newer form of tracking that is not currently blocked by the browser. The new system, which Brave's team calls "Debouncing", addresses the bounce tracking method, which disregards users' privacy preferences such as the 'Do Not Track' setting and the blocking of third-party cookies.

Dark Web: Many cybercrime services sell for less than $500
2021-10-13 15:32

A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN. Cybercrime can be a lucrative business for those who specialize in ransomware, phishing campaigns, and other types of attacks. The profit margins are especially healthy because cybercrime products and services often sell at bargain prices on the Dark Web.

What it costs to hire a hacker on the Dark Web
2021-10-12 15:59

From website hacking to DDoS attacks to custom malware to changing school grades, you can buy one of these services from a hacker for hire. Just how much do these types of items cost? A blog post published Tuesday by consumer website Comparitech examines the types of hacking services available on the Dark Web and scopes out their prices.

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!
2021-10-06 22:31

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday.

Apache web server zero-day bug is easy to exploit – patch now!
2021-10-06 18:29

The venerable Apache web server has just been updated to fix a dangerous remote code execution bug. This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.

Running a recent Apache web server version? You probably need to patch it. Now
2021-10-06 16:28

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great.

Running an Apache web server? You probably need to patch it. Now
2021-10-06 16:28

Unless you want to leak like a sieve The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.…