Security News

Are these hacking services as abundant as rumored, or is the dark web full of scammers that are merely waiting to snatch the money of aspiring spies? Analysts at SOS Intelligence have searched the dark web for providers of SS7 exploitation services and found 84 unique onion domains claiming to offer them.

The past year in web app cybersecurity was anything but calm, and if predictions on the coming year from PerimeterX CTO Ido Safruti are accurate, it's going to be another year of struggles to protect web apps. Safruti predicts a 2022 in which custom-tailored malware, bot attacks and post-login fraud spike, causing leaders to finally confront the reality of online fraud: It varies greatly, is becoming more selective in its targets and is present everywhere from before login to well after a username and password are entered.

Microsoft has announced that web content filtering has reached general availability and is now available for all Windows enterprise customers."The Microsoft Defender for Endpoint team is pleased to announce the general availability of web content filtering for our customers on Windows," said Thomas Doucette, a Program Manager at Microsoft.

Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021. The arrests are the result of a coordinated international operation dubbed Dark HunTOR that lasted ten months and involved police forces and investigators from nine countries.

Discovered by Huntress Labs earlier this month, the ongoing attacks focus on an SQL-injection bug in the BQE Web Suite from BQE Software. 102621 08:41 UPDATE: BQE clarified that the vulnerability affects BQE Web Suite customers, not BillQuick Web Suite customers, and that Huntress' reference to BillQuick was inaccurate.

Dark web activity the value of stolen data and cybercriminal behaviors, have dramatically evolved in recent years, according to a Bitglass research. Stolen data has a wider reach and moves more quickly Breach data received over 13,200 views in 2021 vs. 1,100 views in 2015 - a 1,100% increase.

In a paper distributed this month through ArXiv, they describe a HTTP protocol called HTTPS Attestable to enhance online security with remote attestation - a way for apps to obtain an assurance that data will be handled by trusted software in secure execution environments. "We propose a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage requested data for selected HTTP domains," they say.

Data is a hot commodity on the Dark Web where people buy and sell sensitive information, much of it stolen through network breaches. A report released Tuesday by security provider Bitglass looks at how stolen data winds up on the Dark Web and offers advice on what you can do to better protect yourself and your organization.

Brave, the privacy-conscious web browser, has announced plans to introduce additional privacy protections against 'bounce tracking,' a newer form of tracking that is not currently blocked by the browser. The new system, which Brave's team calls "Debouncing", addresses the bounce tracking method, which disregards users' privacy preferences such as the 'Do Not Track' setting and the blocking of third-party cookies.

A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN. Cybercrime can be a lucrative business for those who specialize in ransomware, phishing campaigns, and other types of attacks. The profit margins are especially healthy because cybercrime products and services often sell at bargain prices on the Dark Web.