Security News

The 2020-2021 State of Web Application Security Report is out from cybersecurity vendor Radware, and it paints a grim picture of security over the past 12 months and a similarly bleak view for the rest of 2021. Among the findings Radware uncovered in its survey of 205 IT security decision-makers are such startling statistics as 98% of respondents saying their apps were subject to an attack in 2020, 92% of organizations are excluding security teams from CI/CD workflows, only 36% of mobile applications have integrated security into their development, and only 27% completely trust the security of their public cloud platforms despite 70% of apps being hosted in the cloud.

As you can imagine, it operated on the so-called dark web, and you'd have needed the Tor browser to access it, using a special web address ending in. As it happens, the epithet dark in the word dark web isn't a metaphorical reference implying that everything on the dark web is evil and dystopian.

Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind. DarkMarket had nearly 500,000 users and more than 2,400 sellers, an official announcement from Europol on Tuesday said, calling it the "World's largest largest illegal marketplace on the dark web."

Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency, and the U.S. Federal Bureau of Investigation. The illegal internet market specialized in the sales of drugs, counterfeit money, stolen or forged credit card information, anonymous SIM cards, and off-the-shelf malware.

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers. Back in May, BleepingComputer reported about an attacker that was stealing SQL databases from online shops and threatening victims that their data would become public if they did not pay 0.06 BTC. Although the hacker's website on the clear web listed only 31 databases, the number of abuse reports for the wallet left in the ransom note was above 200, indicating a much larger operation.

A war of words has erupted between the National Police Chiefs' Council and a British web security pro after a senior cop declared it would be "a waste of public money" to keep discussing security flaws in the body's Cyberalarm product. Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.

Once your personal data is up for sale, buyers can use it for financial gain or for doxing, a practice where malicious actors publicly reveal private information about you for all to see. In a blog post published Tuesday, security provider Kaspersky looks at the sale of personal data on the Dark Web and offers advice on how to protect your own data.

Google's Privacy Sandbox took another knock today as Marketers for an Open Web wrote to the UK's Competition and Markets Authority requesting a block on the technology's launch. Google is walking a tightrope with its Privacy Sandbox project.

Challenges with Traditional WAF. We often hear from industry members who switched from traditional Web Application Firewall to next Gen WAF what made them switch. 1 - Application and Web Usage ControlApplication and web usage control answers the concern, what type of traffic is blocked? The WAF uses multiple identification categories to identify their exact identity of websites and applications crossing the network and determine how to treat them.