Dec 10, 2022Ravie LakshmananWeb App Firewall / Web Security A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic … [Read more...] about Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
Web
British Hacker Charged for Operating “The Real Deal” Dark Web Marketplace
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering … [Read more...] about British Hacker Charged for Operating “The Real Deal” Dark Web Marketplace
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code … [Read more...] about Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web
Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to track users across the web persistently. Dubbed DrawnApart, the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper," adding " variations in speed … [Read more...] about Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web
The BloodyStealer virus and gamer accounts on the dark web
In March this year, our experts discovered an ad on an underground forum for a piece of malware dubbed BloodyStealer by its creators. The ad states that it steals following data from infected devices: Passwords, cookies, bank card details, browser autofill data; Device data; Screenshots; Desktop and uTorrent client files; Bethesda, Epic Games, GOG, Origin, Steam, Telegram, and … [Read more...] about The BloodyStealer virus and gamer accounts on the dark web
Over 25% Of Tor Exit Relays Spied On Users’ Dark Web Activities
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name … [Read more...] about Over 25% Of Tor Exit Relays Spied On Users’ Dark Web Activities
Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?
At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outage and Distributed denial of service (DDoS) lead a negative impact on businesses. Among the wide range of countermeasures, a web application firewall … [Read more...] about Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?
Google Researcher Reported 3 Flaws in Apache Web Server Software
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to … [Read more...] about Google Researcher Reported 3 Flaws in Apache Web Server Software
Cisco and Amazon Web Services (AWS) Work Together to Accelerate Cloud Adoption
The cloud is an interesting paradigm that takes on multiple personas, depending on who you ask. For the purposes of this post, by the “cloud” I am referring to Infrastructure-as-a-Service (IaaS) public cloud providers, also referred to as Cloud Service Providers (CSPs). Presently, the IaaS market is experiencing the “highest growth rate” among all cloud services and is expected … [Read more...] about Cisco and Amazon Web Services (AWS) Work Together to Accelerate Cloud Adoption
Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites.According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google … [Read more...] about Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards