Security News

A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. However analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.

Let's consider uncategorized web traffic, for instance. Given that over 90% of all internet traffic is encrypted today, inspecting uncategorized traffic is paramount to providing visibility into potentially malicious payloads or data exfiltration.

93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is "Critical" to defend their organization and increase cybersecurity, according to Searchlight Cyber. The report findings show that most CISOs use threat intelligence to address security concerns, and 79 percent of CISOs are currently gathering data from the dark web.

Even though your company may not have suffered a direct breach, your data may already be on the Dark Web. Breaches end up being marketed by hackers with data descriptions and auction demands, often in Bitcoin.

The guide, "Protection from web-borne threats starts with Browser Security Platform," details the characteristics and the capabilities of a potential solution, and explains how it compares to other security solutions and why it is needed. The guide calls for the recognition of an emerging security solution category, Browser Security Platform, which provides visibility into the browser's application layer.

Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. "Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a.NET deserialization vulnerability in Progress Telerik user interface for ASP.NET AJAX, located in the agency's Microsoft Internet Information Services web server," the joint advisory said.

To get started on your training, we suggest checking out the Premium Ethical Hacking Certification Bundle, currently on sale for a limited time. It features eight courses that illustrate the basics of cyber security, shows students how to test various types of infrastructure and acquaints them with a lot of the tools that IT professionals use every day.

Reddit is investigating a major outage that is blocking users worldwide from accessing the social network's website and mobile apps. According to its official status page, Reddit confirmed that its website and apps are currently down, and its engineers looking into the root cause of this outage.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.