Security News

A report released Tuesday by threat intelligence firm Check Point Research explains how phony COVID-19 vaccine documents are selling on the Dark Web and how to avoid these fake documents. For individuals who don't have such a certificate or can't wait for a vaccine, the Dark Web is becoming home to fake documents, according to Check Point's analysis.

"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session. The service's name suggests otherwise and Google was sued in June, 2020, for allegedly collecting data from Incognito Chrome users.

Twitter has added support for multiple security keys to accounts with two-factor authentication enabled for logging into the social network's web interface and mobile apps. "Secure your account with multiple security keys," Twitter said.

Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. "The parallels between Dark Web markets and standard consumer markets continue to grow," Hoffman said.

Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one. Last month, Mike West, a Google security engineer, drafted a note titled, "Post-Spectre Web Development," and Mozilla's Daniel Veditz of the W3C's Web Application Security Working Group asked the group to come to a consensus on supporting the recommendations.

Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web servers.

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's domain and tracking scripts on that site that call a server on an advertiser's domain. As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular.

Brave has fixed a privacy issue in its browser that sent queries for. Onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Cybersecurity researchers Keman Huang, Michael Siegel, Keri Pearlson and Stuart Madnick in their paper Casting the Dark Web in a New Light, published in the MIT Sloan Management Review, asked whether attackers-who more often than not are one or two steps ahead of cyberdefenders-are more technically adept, or is it something else? The paper was written in 2019, but the material is as relevant now as it was then, and maybe even more so.

Cyemptive Technologies announced Cyemptive Web Fortress, a solution that protects web servers against zero-day cyberattacks in real time. Unlike other solutions on the market, which only identify and work to eliminate "Known" threats after they have infiltrated a system, Cyemptive Web Fortress protects your data and web servers against real-time cyberattacks on a preemptive, immediate basis.