Security News

Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate
2021-05-13 14:55

The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering. The data, contained in the new Verizon 2021 Data Breach Investigations Report, shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
2021-05-11 05:25

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday.

Top 5 things to know about web shells
2021-05-10 15:31

Tom Merritt lists five things to know about web shells. Recently, the U.S. FBI was given court authorization to delete web shells from Microsoft Exchange servers.

Web shells: Top 5 things to know
2021-05-10 15:15

The use of web shells is increasing, which could put your business at risk. Tom Merritt lists five things to know about web shells.

LogDNA Browser Logger empowers developers to more efficiently debug web applications
2021-05-08 02:00

LogDNA launched a new browser logging capability, which makes it easier for full-stack and frontend developers to ingest frontend log data in LogDNA to more efficiently debug web applications. LogDNA's new Browser Logger addresses this need by automatically capturing errors and logs occurring in the user's browser and allowing dev teams to centralize those errors alongside server-side logs.

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
2021-05-07 05:52

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

DOD Expands Vulnerability Disclosure Program to Web-Facing Targets
2021-05-05 19:09

The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. The program has been running on HackerOne since 2016 when the DOD's Hack the Pentagon initiative was launched and provides security researchers with means to engage with the DOD when they identify vulnerabilities in the department's public-facing websites and applications.

Google Chrome is getting a new Progressive Web App feature
2021-05-01 15:24

As more companies and independent developers are switching to Progressive Web Apps as their preferred solution for native apps, Microsoft and Google are slowly adding new PWA features to improve the web apps experience on Windows and other platforms. For those unaware, Progressive web app, or PWA, is the latest web technology that allows anyone to use web sites as native mobile or desktop apps.

Source Defense colloborate with Prevalent to mitigate third-party risks to client-side web applications
2021-04-21 22:45

Source Defense announced its partnership with Prevalent to identify threats and protect online businesses against automated and client-side attacks exploiting third-party code and website access. To improve visibility into these risks Source Defense identifies and analyzes the areas targeted by client-side threats and open-source risks.

North Korean hackers adapt web skimming for stealing Bitcoin
2021-04-20 07:23

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimming activities and attributed in the past to Lazarus APT, also known as Hidden Cobra.