Security News

Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. "The parallels between Dark Web markets and standard consumer markets continue to grow," Hoffman said.

Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one. Last month, Mike West, a Google security engineer, drafted a note titled, "Post-Spectre Web Development," and Mozilla's Daniel Veditz of the W3C's Web Application Security Working Group asked the group to come to a consensus on supporting the recommendations.

Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web servers.

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's domain and tracking scripts on that site that call a server on an advertiser's domain. As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular.

Brave has fixed a privacy issue in its browser that sent queries for. Onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Cybersecurity researchers Keman Huang, Michael Siegel, Keri Pearlson and Stuart Madnick in their paper Casting the Dark Web in a New Light, published in the MIT Sloan Management Review, asked whether attackers-who more often than not are one or two steps ahead of cyberdefenders-are more technically adept, or is it something else? The paper was written in 2019, but the material is as relevant now as it was then, and maybe even more so.

Cyemptive Technologies announced Cyemptive Web Fortress, a solution that protects web servers against zero-day cyberattacks in real time. Unlike other solutions on the market, which only identify and work to eliminate "Known" threats after they have infiltrated a system, Cyemptive Web Fortress protects your data and web servers against real-time cyberattacks on a preemptive, immediate basis.

The Clop ransomware group has reportedly started posting data on the Dark Web apparently stolen from law firm Jones Day, which represents many of the globe's most powerful people, including former president Donald Trump in his efforts to overturn the 2020 election. The site DataBreached.net was first to report on the incident and published screenshots of stolen Jones Day files that the Clop group posted on the Dark Web as proof it has the goods.

Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. They can be deployed in a large variety of forms, from app plugins and PHP or ASP code snippets injected within web apps to programs designed to provide web shell features and Perl, Python, Ruby, and Unix shell scripts.

Positive Technologies' experts have analyzed the ten most active forums on the dark web, which offer services for hacking websites, buying and selling databases, and accessing web resources. The research discovered that in 90% of cases, users of dark web forums will search for hackers who can provide them with access to a particular resource or who can download a user database.