Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research and Remediation teams from data collected on web-based malware, vulnerable software, and attacks during 2021. The data used in this report is a representative sample of the total number of websites that our Remediation...
Charges against the individual – Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, Canada – were announced last year, when law enforcement authorities in the U.S. and Europe seized the dark web sites used in the NetWalker ransomware operations. Offered under the ransomware-as-a-service (RaaS) business model, NetWalker – also known as Malito – emerged in 2019 and has been involved in a variety of high-profile attacks, including ones targeting education, government, health, and public transportation organizations. The U.S. Department of Justice said that dozens of entities worldwide were hit by NetWalker, which “specifically...
The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of data detailing current and historic ship positions that is exposed to the public. Analyzing the data, the team determined that it is highly likely to belong to the Yangtze river ports of Nanjing and...
At a time when cyber security is top of mind for many firms, Google announced it was paying $5.4 billion to acquire security intelligence company Mandiant, giving it access to security data gathering capabilities, as well as a team of hundreds of security consultants. The company will become part of Google Cloud upon closing. Google Cloud head Thomas Kurian pointed out that companies were facing unprecedented security threats, especially as the war in Ukraine rages, and Mandiant gives the company a platform of security services to add to the Google Cloud platform. “This is an opportunity...
A new type of malware takes a decidedly more stealthy and hard-to-remove path into your OS — it hides in your BIOS chip and thus remains even after you reinstall your OS or format your hard drive. Kaspersky has observed the growth of Unified Extensible Firmware Interface (UEFI) firmware malware threats since 2019, with most storing malware on the EFI System Partition of the PC’s storage device. However, a sinister development had earlier been spotted with a new UEFI malware, detected by Kaspersky’s firmware scanner logs, that implants malicious code into...
U.S. government warns that firmware presents “a large and ever-expanding attack surface.” The U.S. government, at the very highest levels, is calling attention to major weaknesses in the firmware supply chain, warning that the layer below the operating system is fertile ground for devastating hacker attacks. A new joint draft report issued by leadership of the U.S. Department of Homeland Security (DHS) and Department of Commerce said firmware presented “a large and ever-expanding attack surface” for malicious hackers to subvert the core of modern computing. “Securing the firmware layer is often...
CISA Publishes List of Free Security Tools and Services The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The “Free Cybersecurity Services and Tools” resource hub comprises a mix of services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. “Many organizations, both public and private, are target rich and resource poor,” CISA Director,...
What Is Hotel Druid Hoteldruid is an open-source program for hotel management (property management software) developed by DigitalDruid.Net Vendor URL: hoteldruid.com CVE RATING: 8.8/10 HotelDruid RCE PoC
Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. These new experimental static analysis features are now available for JavaScript and TypeScript GitHub repositories in public beta. GitHub Code Scanning Analysis “With the new analysis capabilities, code scanning can surface even more alerts for four common vulnerability patterns: cross-site scripting (XSS), path injection, NoSQL injection, and SQL injection,” said GitHub’s Tiferet Gazit and Alona Hlobina. “Together, these four vulnerability types account for many...
What to do if I’ve been doxed: Actions to take in the first 24 hours. If you are in immediate danger, please call your local emergency number. This is a step-by-step guide on actions to consider after being targeted online. It’s direct and concise by design. There’s no “right way” or order to go about things. Here is information so you can come up with an action plan that best supports your incident, goals, and needs. Trigger warning: For someone not in immediate need of an action plan, this guide could be triggering. If you are...