Security News

Europol confirms web portal breach, says no operational data stolen
2024-05-11 12:36

Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing classified data."No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised."

Dell customer order database of '49M records' stolen, now up for sale on dark web
2024-05-09 17:55

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

reNgine: Open-source automated reconnaissance framework for web applications
2024-05-02 04:30

ReNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process. ReNgine was developed to overcome the constraints of conventional reconnaissance tools.

Reddit down in major outage blocking access to web, mobile apps
2024-04-25 17:26

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. Mobile users also report seeing an "Error: Choose failed Missing field 'user id'" error or an outage icon with the Reddit alien logo on the mobile app.

Over a million Neighbourhood Watch members exposed through web app bug
2024-04-23 08:30

Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
2024-04-18 05:00

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants - cheap, independently produced, and crudely constructed - on the dark web. "Over the past two months some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we've also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS. Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem-especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves," Budd concluded.

Dark Web Monitoring: What's the Value?
2024-04-17 14:02

In many cases, practitioners have struggled to find value in monitoring the dark web, particularly where a vendor sells them on a comprehensive package but doesn't align the value with the organization's security needs. In other cases organizations may believe they are too small for dark web monitoring to be valuable, but in many cases startups and other small organizations are targeted because they are small.

How to make your web apps resistant to social engineering
2024-04-16 14:02

Despite this, there are still things that you can do to make your web apps more resistant to social engineering. With this in mind, consider implementing these strategies at your organization to protect your web applications and reduce the chance of falling victim to social engineering.

New Windows driver blocks software from changing default web browser
2024-04-07 14:17

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. SetDefaultBrowser works similarly but is only for changing the default browser in Windows.

New HTTP/2 DoS attack can crash web servers with a single connection
2024-04-04 15:28

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead. The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.