Security News

The study is built upon 10 million posts on encrypted platforms and other kinds of data dredged up from the deep, dark and clear web. Across the dark web onion sites, the total number of forum posts and replies decreased by 13% between 2021 and 2022, dropping from over 91.7 million to around 79.1 million.

The security researchers found that Google Play threats and Android phone infections are big business. A Google Play developer account can be bought for around $60-$200 USD depending on account characteristics such as the number of developed apps or the number of downloads.

External web applications can prove difficult to secure and are often targeted by hackers due to the range of vulnerabilities they may contain. Organizations with business-critical web applications need to take effective measures of their digital attack surface, and pay close attention to these common security risks.

"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023. Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.

ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".

A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. However analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.

Let's consider uncategorized web traffic, for instance. Given that over 90% of all internet traffic is encrypted today, inspecting uncategorized traffic is paramount to providing visibility into potentially malicious payloads or data exfiltration.

93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is "Critical" to defend their organization and increase cybersecurity, according to Searchlight Cyber. The report findings show that most CISOs use threat intelligence to address security concerns, and 79 percent of CISOs are currently gathering data from the dark web.

Even though your company may not have suffered a direct breach, your data may already be on the Dark Web. Breaches end up being marketed by hackers with data descriptions and auction demands, often in Bitcoin.

The guide, "Protection from web-borne threats starts with Browser Security Platform," details the characteristics and the capabilities of a potential solution, and explains how it compares to other security solutions and why it is needed. The guide calls for the recognition of an emerging security solution category, Browser Security Platform, which provides visibility into the browser's application layer.