Security News

Or you can spend money to buy a phony vaccine certificate from some anonymous and potentially untrustworthy cybercriminal on the Dark Web. Sales and advertisements of fake vaccine cards have been spiking to new levels on the Dark Web, according to a report published Wednesday by cyber threat intelligence firm Check Point Research.

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated toselling payment-card credentials. The leaked credit cards include the following fields: Credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.

A systematic analysis of attacks against Microsoft's Internet Information Services servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. IIS is an extensible web server software developed by Microsoft, enabling developers to take advantage of its modular architecture and use additional IIS modules to expand on its core functionality.

Microsoft has announced that the Web Application Firewall bot protection feature has reached general availability on Azure Application Gateway starting this week. Azure Web Application Firewall is a cloud-native service designed to protect customers' web applications from bot attacks, common exploits, as well as common web vulnerabilities, including cross-site scripting, SQL injection, broken auth, security misconfigurations, and more.

In its latest research, security specialist Positive Technologies documents how the market enabling initial access to corporate networks has evolved through 2020 and into early 2021, and reveals that the number of 'access-for-sale' ads on the dark web has increased seven-fold compared with previous years. The company's researchers believe the cybercriminal profile is changing in multiple ways; the profile of an external intruder who gains initial access to a corporate network is different from the criminal who follows through with the attack once inside-most importantly, the two have different skillsets.

The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies. A report released Wednesday by security provider Positive Technologies looks at the selling of network access on the Dark Web and examines how this threat continues to grow.

Last year saw a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. Luckily, organizations are not totally helpless when it comes to its passwords being put up for sale on the dark web.

Ridge Security announces enhanced and new capabilities in RidgeBot, the automated penetration testing platform. RidgeBot 3.5 features an expanded plugin set addressing critical security gaps in customers' infrastructure, support for seamless 3rd party integration and continued global expansion in its partner ecosystem.

There is even more to space innovation than the fledgling space tourism sector. Space has the potential to be the cloud beyond the clouds, with entrepreneurs large and small creating a global space tech ecosystem covering data and artificial intelligence systems, aerial imagery, remote sensing and more.

Google announced recently that it has expanded the capabilities of Cloud Armor, a service that provides distributed denial of service protections and a web application firewall to keep customers safe from web attacks. Generally available since 2019, Cloud Armor leverages the same infrastructure and technology that Google uses to protect its own internet-facing properties.