Security News

A team of researchers at the Universities of Arizona, Georgia, and South Florida, have developed a machine-learning-based CAPTCHA solver that they claim can overcome 94.4% of real challenges on dark websites. The collection of cyber-threat intelligence from illicit dark web markets and forums becomes challenging and expensive, as employees have to be involved in the CAPTCHA solving step.

The OceanLotus group of state-sponsored hackers are now using the web archive file format to deploy backdoors to compromised systems. A report from Netskope Threat Labs shared with Bleeping Computer in advance notes that OceanLotus' campaign using web archive files is still active, although the targeting scope is narrow and despite the command and control server being disrupted.

The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020. The company, which bills itself as the "Internet privacy company," offering a search engine and other products designed to "Empower you to seamlessly take control of your personal information online without any tradeoffs," remains a rounding error compared to Google in search.

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, an Imperva reserach reveals. In a study of nearly 4.7 million web application-related cyber security incidents, Imperva Research Labs finds that attacks are increasing, on average, by 22% each quarter.

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The Azure App Service is a cloud computing-based platform for hosting websites and web applications.

A dark web marketplace named '2easy' is becoming a significant player in the sale of stolen data "Logs" harvested from roughly 600,000 devices infected with information-stealing malware. "Logs" are archives of data stolen from compromised web browsers or systems using malware, and their most important aspect is that they commonly include account credentials, cookies, and saved credit cards.

With more than 3000 files totalling close to a million line of source code, Apache httpd is a large and capable server, with myriad combinations of modules and options making it both powerful and dangerous at the time. Apache just published an httpd update that fixes two CVE-numbered security bugs.

It was designed to evaluate web application security solutions, such as API security proxies, web application firewalls, IPS, API gateways, and others. "We created GoTestWAF to help the security community evaluate the level of API and application security controls they applied," Ivan Novikov, CEO at Wallarm, told Help Net Security.

Social media and search engine operators in Japan will be required to specify the countries in which users' data is physically stored, under a planned tweak to local laws. The amendment, if passed, requires search engines, social media operators and mobile phone companies with over 10 million Japanese users to disclose where in the world they store data, and identify any foreign subcontractors that can access the data.

Amazon announced on Wednesday plans to shut down its global website ranking system and competitor analysis tool "Alexa.com", which has been available for 25 years. Alexa.com is a subsidiary company of Amazon and it's widely known for its global ranking system which uses web traffic data from its partners to list the most popular internet companies.