Archive for the ‘Web Security’ Category

Is this website Safe: How to Check Website Safety to Avoid Cyber Threats Online

Is this website safe? In this digital world, checking website safety is a most important concern. Since there are countless malicious websites everywhere on the Internet, it is very difficult to find a trustworthy website. We need to browse smart and make sure the site is not dangerous by using multiple approaches. In general, it is good […]

Car companies massively exposed to web vulnerabilities

The findings of a detailed report, compiled by security researcher Sam Curry, are an alarming indication that, in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. https://lnkd.in/gdAXGjaN The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) […]

Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

The vulnerability (CVE-2022-3656) allowed remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details. The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge. Vulnerability Details: The […]

WEB APPLICATION PENTESTING CHECKLIST

Web Pentesting Checklist Cyber Security News PenTesting Titles Pentesting Training Penetration Testing – Exploitation Penetration Testing – Post Exploitation

Malicious Chrome Plugin Let Remote Attacker Steal keystroke and Inject Malicious Code

Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that uses malicious extensions to do the following: steal online account credentials; log keystrokes; inject ads; inject malicious JS code; enroll the victim’s browser in DDoS attacks. This method is becoming increasingly attractive for malware developers to target web browsers as […]

Researchers Found Website Scanner “Urlscan.io” Leaking Sensitive Private Data

Researchers from Positive Security uncovered a website scanner called “Urlscan” that was unintentionally leaking sensitive URLs and data due to misconfiguration. It appears that a third party accidentally leaked the GitHub Pages URLs, and this incident happened while a metadata analysis was being conducted. “This information could be used by spammers to collect email addresses and […]

Chrome 106 Released – Google Fixed 20 Security Bugs – Update Now!

The Chrome web browser was recently updated to a new stable version released by Google. The updated version, Chrome 106, offers a number of brand-new features and improvements, and it also includes a number of security updates. Chrome 106 has already been released by Google to the stable channel for […]

How Can WAF Prevent OWASP Top 10?

The OWASP Top 10 security risks point out the common vulnerabilities seen in web applications. But it does not list the set of attack vectors that WAFs (Web Application Firewalls) can simply block. This is but a myth often propagated by many a security vendor. OWASP Top 10 protection is the joint responsibility of the […]

Browser-in-the-browser attacks

Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers who want to trick you position themselves somewhere “in the middle” of the […]

Chrome patches 24 security holes, enables “Sanitizer” safety system

Google’s latest Chrome browser, version 105, is out, though the full version number is annoyingly different depending on whether you are on Windows, Mac or Linux. On Unix-like systems (Mac and Linux), you want 105.0.5195.52, but on Windows, you’re looking for 105.0.5195.54. According to Google, this new version includes 24 security fixes, though none of them are reported […]

Chrome browser gets 11 security fixes with 1 zero-day – update now!

The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making it a zero-day hole. The name zero-day is a reminder […]

Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists

The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed Chrome zero-day CVE-2022-2294 in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited the recently fixed Chrome zero-day CVE-2022-2294. The flaw, which was fixed by Google on July 4, […]

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows: APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346; APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345; APPLE-SA-2022-07-20-3: macOS Big Sur 11.6.8, details at HT213344; APPLE-SA-2022-07-20-4: Security Update 2022-005 Catalina, details at HT213343; APPLE-SA-2022-07-20-5: tvOS […]

Tor Browser 11.5 is optimized to automatically bypass censorship

The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The Tor Project team has announced the release of Tor Browser 11.5; the new version of the popular privacy-oriented browser implements new features to fight censorship. With previous versions of the browser, circumventing censorship of the Tor […]

Privacy-focused Brave Search grew by 5,000% in a year

https://www.bleepingcomputer.com/news/software/privacy-focused-brave-search-grew-by-5-000-percent-in-a-year/ Brave Search, the browser developer’s privacy-centric Internet search engine, is celebrating its first anniversary after surpassing 2.5 billion queries and seeing almost 5,000% growth in a year. To celebrate this success, Brave Software announced that Brave Search is finally exiting its beta phase and will become the default search engine for all users of […]

Internet scans find 1.6 million secrets leaked by websites

https://portswigger.net/daily-swig/internet-scans-find-1-6-million-secrets-leaked-by-websites Security researchers have apparently discovered more than 1.6 million secrets leaked by websites, including more than 395,000 exposed by the one million most popular domains. Modern web applications typically embed API keys, cryptographic secrets, and other credentials within JavaScript files in client-side source code. Aided by a tool developed specifically for the task, researchers from RedHunt Labs sought information […]

Microsoft warns of new highly evasive web skimming campaigns

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in […]

Massive hacking campaign compromised thousands of WordPress websites

Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content […]

Keep your digital banking safe: Tips for consumers and banks

Digital banking has been a reality for quite a while now, particularly pushed forward in these last few years. Is security keeping up the pace? Online banking and mobile banking apps have made great security strides in recent years. In fact, some of today’s most well-respected banks are improving security measures by offering SMS or […]
