Security News
External web applications can prove difficult to secure and are often targeted by hackers due to the range of vulnerabilities they may contain. Organizations with business-critical web applications need to take effective measures of their digital attack surface, and pay close attention to these common security risks.
"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023. Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.
ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".
A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. However analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.
Let's consider uncategorized web traffic, for instance. Given that over 90% of all internet traffic is encrypted today, inspecting uncategorized traffic is paramount to providing visibility into potentially malicious payloads or data exfiltration.
93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is "Critical" to defend their organization and increase cybersecurity, according to Searchlight Cyber. The report findings show that most CISOs use threat intelligence to address security concerns, and 79 percent of CISOs are currently gathering data from the dark web.
Even though your company may not have suffered a direct breach, your data may already be on the Dark Web. Breaches end up being marketed by hackers with data descriptions and auction demands, often in Bitcoin.
The guide, "Protection from web-borne threats starts with Browser Security Platform," details the characteristics and the capabilities of a potential solution, and explains how it compares to other security solutions and why it is needed. The guide calls for the recognition of an emerging security solution category, Browser Security Platform, which provides visibility into the browser's application layer.
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. "Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a.NET deserialization vulnerability in Progress Telerik user interface for ASP.NET AJAX, located in the agency's Microsoft Internet Information Services web server," the joint advisory said.
To get started on your training, we suggest checking out the Premium Ethical Hacking Certification Bundle, currently on sale for a limited time. It features eight courses that illustrate the basics of cyber security, shows students how to test various types of infrastructure and acquaints them with a lot of the tools that IT professionals use every day.