RiSec.Steve Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research and Remediation teams from data collected on web-based malware, vulnerable software, and attacks during 2021. The data used in this report is a representative sample of the total number of websites that our Remediation...
cyber security
Charges against the individual – Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, Canada – were announced last year, when law enforcement authorities in the U.S. and Europe seized the dark web sites used in the NetWalker ransomware operations. Offered under the ransomware-as-a-service (RaaS) business model, NetWalker – also known as Malito – emerged in 2019 and has been involved in a variety of high-profile attacks, including ones targeting education, government, health, and public transportation organizations. The U.S. Department of Justice said that dozens of entities worldwide were hit by NetWalker, which “specifically...
The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of data detailing current and historic ship positions that is exposed to the public. Analyzing the data, the team determined that it is highly likely to belong to the Yangtze river ports of Nanjing and...
At a time when cyber security is top of mind for many firms, Google announced it was paying $5.4 billion to acquire security intelligence company Mandiant, giving it access to security data gathering capabilities, as well as a team of hundreds of security consultants. The company will become part of Google Cloud upon closing. Google Cloud head Thomas Kurian pointed out that companies were facing unprecedented security threats, especially as the war in Ukraine rages, and Mandiant gives the company a platform of security services to add to the Google Cloud platform. “This is an opportunity...
A new type of malware takes a decidedly more stealthy and hard-to-remove path into your OS — it hides in your BIOS chip and thus remains even after you reinstall your OS or format your hard drive. Kaspersky has observed the growth of Unified Extensible Firmware Interface (UEFI) firmware malware threats since 2019, with most storing malware on the EFI System Partition of the PC’s storage device. However, a sinister development had earlier been spotted with a new UEFI malware, detected by Kasperksy’s firmware scanner logs, that implants malicious code into...
U.S. government warns that firmware presents “a large and ever-expanding attack surface.” The U.S. government, at the very highest levels, is calling attention to major weaknesses in the firmware supply chain, warning that the layer below the operating system is fertile ground for devastating hacker attacks. A new joint draft report issued by leadership of the U.S. Department of Homeland Security (DHS) and Department of Commerce said firmware presented “a large and ever-expanding attack surface” for malicious hackers to subvert the core of modern computing. “Securing the firmware layer is often...
CISA Publishes List of Free Security Tools and Services The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The “Free Cybersecurity Services and Tools” resource hub comprises a mix of services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. “Many organizations, both public and private, are target rich and resource poor,” CISA Director,...
What Is Hotel Druid Hoteldruid is an open-source program for hotel management (property management software) developed by DigitalDruid.Net Vendor URL: hoteldruid.com CVE RATING: 8.8/10 HotelDruid RCE PoC You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines Got to Cybersecurity News Go to Homepage Go to Cybersecurity Academy Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today Remember, CyberSecurity Starts With You! Globally, 30,000 websites are hacked daily. 64% of companies worldwide have experienced at least one form of...
Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. These new experimental static analysis features are now available for JavaScript and TypeScript GitHub repositories in public beta. GitHub Code Scanning Analysis “With the new analysis capabilities, code scanning can surface even more alerts for four common vulnerability patterns: cross-site scripting (XSS), path injection, NoSQL injection, and SQL injection,” said GitHub’s Tiferet Gazit and Alona Hlobina. “Together, these four vulnerability types account for many...
What to do if I’ve been doxed: Actions to take in the first 24hours. If you are in immediate danger, please call your local emergency number. This is a step-by-step guide on actions to consider after being targeted online. It’s direct and concise by design. There’s no “right way” or order to go about things. Here is information so you can come up with an action plan that best supports your incident, goals, and needs. Trigger warning: For someone not in immediate need of an action plan, this guide could be triggering. If you are...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu