Web Security

Threatpost 

Fake News and Influence: Information Warfare in the Digital Age

August 16, 2019 TH Author akamai, Cybersecurity, deep fakes, Facebook, fake news, Featured, Government, information warfare, infosec insider, tony lauro, Web Security

It’s been around forever, but in a modern digital era marked by influence campaigns and deep fakes, information warfare has become much easier to carry out. READ MORE HERE…

Read more

Threatpost 

Breached Passwords Still in Use By Hundreds of Thousands

August 16, 2019 TH Author breach, compromised password, data breach, Google, password, Web Security

More than 300,000 users still utilize credentials that have been compromised – with people visiting video streaming and porn sites most at fault, Google found in a new study. READ MORE HERE…

Read more

Threatpost 

HTTP Bugs Open Websites to DoS Attacks

August 15, 2019 TH Author akamai, Ambassador, Apache Traffic Server, Apple, CloudFlare, Critical Infrastructure, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, Envoy, Google, Microsoft, Netty Project, nghttp2, NGINX, Node-JS, SWIFT, Vulnerabilities, Web Security

Eight vulnerabilities in the HTTP/2 server implementations were found in vendors Amazon, Apple, Microsoft and Apache. READ MORE HERE…

Read more

Threatpost 

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

August 15, 2019 TH Author Credentials, email security gateway, energy company, Google Drive, Microsoft, spearphishing, Web Security

The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets. READ MORE HERE…

Read more

Threatpost 

Clickjacking Evolves to Hook Millions of Top-Site Visitors

August 15, 2019 TH Author ad fraud, chrome, click interception, Clickjacking, Hacks, Malware, Microsoft, Research, spam, USENIX, Web Security

Researchers said that clickjacking is a threat that’s evolving, with new tactics just starting to emerge. READ MORE HERE…

Read more

Threatpost 

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List

August 13, 2019 TH Author august patch tuesday, bluekeep, critical vulnerabilities, Microsoft, Mobile Security, remote code execution, remote desktop services, Vulnerabilities, Web Security

The flaws allow remote code-execution without user interaction or authentication, and are highly exploitable. READ MORE HERE…

Read more

Threatpost 

State Farm Falls Victim to Credential-Stuffing Attack

August 8, 2019 TH Author .insurance, account takeover, breach, compromise, Credential stuffing, cyberattack, data breach, Hacks, notification letter, state farm, Web Security

The insurance giant serves at least 83 million U.S. households. READ MORE HERE…

Read more

Threatpost 

Smominru Cryptominer Scrapes Credentials for Half-Million Machines

August 7, 2019 TH Author access mining, Carbon Black, cryptomining, dark web, EternalBlue, Hacks, Malware, RAT, selling access, Smominru, Vulnerabilities, Web Security

The adversaries have retooled with EternalBlue and credential theft to add a new “access mining” revenue stream. READ MORE HERE…

Read more

Threatpost 

Cryptolocking WordPress Plugin Locks Up Blog Posts

August 6, 2019 TH Author blog posts, Cryptography, cryptolocking, Encryption, malicious plugin, Malware, Sucuri, Web Security, wordpress, wpsecurity

A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts. READ MORE HERE…

Read more

Threatpost 

E3 Website Leaks Private Addresses for Thousands of Journalists

August 5, 2019 TH Author breach, contact information, content creators, data breach, data leak, data security, doxxed, E3 2019, E3 trade show, home addresses, journalist, Online Security, Privacy, private residences, Vulnerabilities, Web Security

Personal data of 2,000 journalists was found publicly accessible on a spreadsheet on the website for popular trade show E3. READ MORE HERE…

Read more