Security News

Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in TLS and the padlock in your address bar - to just one year. Others ask why a year is seen as "too long" given that certificate authorities such as Let's Encrypt are already issuing certificates that are only valid for three months at a time, thanks to a smoothly automated process for renewal.

SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports. The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.

A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data. The University of California San Francisco paid out in the apparently successful hope that the Netwalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as "Data ... important to some of the academic work we pursue as a university serving the public good".

A group of cybercriminals managed to hide their web skimmer in the EXIF metadata of an image that was then surreptitiously loaded by compromised online stores, Malwarebytes reveals. Although image files have long been used to carry malicious code and exfiltrate data, it's unusual to have web skimmers hidden in image files.

Amazon Web Services, an Amazon.com company, announced Amazon Honeycode, a fully managed service that allows customers to quickly build powerful mobile and web applications - with no programming required. Amazon Honeycode does all of this under the covers by automating the process of building and linking the three tiers of functionality found in most business applications, and then deploying fully interactive web and mobile applications to end users so customers can focus on creating great applications without having to worry about writing code or scaling infrastructure.

Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org. Why is your debit card worth so much more than your credit card? A debit card quickly draws the necessary funds from your bank account.

Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security.

Credit card details, online banking logins, and social media credentials are available on the dark web at worryingly low prices, according to Privacy Affairs. Online banking logins cost an average of $35. Full credit card details including associated data cost $12-20.

Datadog's integration with Amazon EFS for AWS Lambda brings single-click correlation between AWS Lambda and the underlying Elastic File System. "We are excited to see Datadog integrating support for Amazon EFS for AWS Lambda into their serverless monitoring at launch," said Adam Fergus, Manager, DevOps at Fiix.

The Business Logic Recorder is a unique Acunetix feature that is designed to enable effective testing of particular scenarios, especially multi-step web forms, which would otherwise make it impossible for a scanner to reach all areas of a web application. "Many web applications, including those with shopping carts, use multi-step forms," said Nicholas Schiberras, Acunetix Chief Technology Officer.