Security News

Popular business web apps fail to implement critical password requirements
2022-07-20 03:30

New research reveals that several popular business web applications have failed to implement critical password and authentication requirements to protect customers. Specops' analysis found inadequate password and authentication requirements that could leave customers vulnerable, including allowing users to set weak and breached passwords, often with little or no strong authentication in place.

Elastix VoIP systems hacked in massive campaign to install PHP web shells
2022-07-16 14:11

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Security researchers at Palo Alto Networks' Unit 42 say that the attackers' goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
2022-07-07 04:42

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms embedded in downstream mobile applications and websites.

The End of False Positives for Web and API Security Scanning?
2022-07-06 04:31

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web
2022-07-05 23:06

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks said.

How to de-anonymize fraudulent Tor web servers
2022-06-29 13:32

One of the common techniques used by these threat actors to try to add a strong layer of anonymity consists of using The Onion Router network to hide the location of their servers. It is important to note that servers hosted on the Tor network are just typical servers hosted on the Internet - users are merely accessing them via a special network.

What stolen info can be bought off the dark web, and for how much?
2022-06-24 08:00

Privacy Affairs researchers concluded criminals using the dark web can get a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as...

The price of stolen info: Everything on sale on the dark web
2022-06-22 03:00

What is the price for personal information, including credit cards and bank accounts, on the dark web? Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person's account details, enabling them to create fake IDs and forge private documents, such as passports and driver's licenses.

7-zip now supports Windows ‘Mark-of-the-Web’ security feature
2022-06-21 21:46

7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. When you attempt to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file.

There are 24.6 billion pairs of credentials for sale on dark web
2022-06-20 12:15

More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years.