Archive for the ‘Web Security’ Category

A guide to internet safety for kids

As a resource, the internet is a wonderful place for children to learn, explore ideas, and express themselves creatively. The internet is also key in a child’s social development, helping to strengthen communication skills, for example when playing games or chatting with friends. However, parents should be aware that all these activities often come with […]

Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server

Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers. The CVE-2021-40438 flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor can trigger the issue using a specially crafted request to cause the module to forward the request to an […]

There’s More to Threat Intelligence Than Dark Web Monitoring

Dark web monitoring seems to be a hot buzzword in discussions about cyberthreat intelligence (CTI) and how it helps cybersecurity strategy and operations. Indeed, dark web monitoring enables a better understanding of an attacker’s perspective, and following their activities on dark web forums can have a great impact on cybersecurity readiness and posture. Accurate and timely knowledge of […]

DuckDuckGo Wants to Stop Apps From Tracking You on Android

At the end of April, Apple’s introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized advertising. Since the new privacy controls launched, almost $10 billion has been wiped from the revenues of Snap, Meta Platform’s Facebook, Twitter, […]

Human hacking increased as apps and browsers moved completely to the cloud

“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.” Human interaction online has largely moved to […]

Check What Information Your Browser Leaks

These two sites tell you what sorts of information you’re leaking from your browser. The Browser Hacker’s Handbook

OWASP Top 10 2021: The most serious web application security risks

How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories,” the Open Web Application Security Project (OWASP) explains. “This […]

Improving WordPress Security in 2021

What Is WordPress? WordPress is a PHP-based content management system that may be used in conjunction with MySQL. The best part about WordPress is that it is free and open source software. It offers many plugins and themes that make it easier for non-technical users to deploy a website. It also allows continuous backup. And […]

The RedMonk Programming Language Rankings

This iteration of the RedMonk Programming Languages is brought to you by Microsoft. Developers build the future. Microsoft supports you in any language and Java is no exception; we love it. We offer the best Java dev tools, infrastructure, and modern framework support. Modernize your Java development with Microsoft. While we generally try to have our […]

Top 10 Tips to Protect Against OWASP Top 10 Vulnerabilities

OWASP Top 10 vulnerabilities is a list of the 10 most common security vulnerabilities in applications. The Top 10 OWASP web application security vulnerabilities are updated every 3-4 years. Last updated in 2017, the vulnerabilities featuring on the list are: Injection; Broken Authentication; Sensitive Data Exposure; XML External Entities (XXE); Broken Access Control; Security Misconfigurations; Cross-Site Scripting […]

Data leak implicates over 200,000 people in Amazon fake product review scam

There is an ongoing battle between the e-commerce giant and dubious sellers, worldwide, who wish to hamstring competitors and gain an edge by generating fake reviews for their products. This can include paying individuals to leave a glowing review or by offering free items in return for positive, public feedback. How they operate and stay under Amazon’s […]

Firefox for Android gets critical update to block cookie-stealing hole

Usually, when browser updates come out, it’s obvious what to do if you’re running that browser on your laptop or desktop computer. But we often get questions from readers (questions that we can’t always answer) wondering what to do if they’re using that browser on their mobile phone, where version numbering is often bewildering. In […]

Outpost24 report finds Top 10 US Credit Unions all have web application issues

Web Application Security’s Lost Year

Web Application Security More Critical Than Ever. Other findings from the report include: an overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting; medium-severity vulnerabilities such as denial-of-service, host header injection and directory listing remained present in 63% of web apps in 2020; several high-severity vulnerabilities did not show […]

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

Over the past two months or so, Mozilla’s Firefox browser has had a lot less media attention than Google’s Chrome and Chromium projects… …but Mozilla probably isn’t complaining this time, given that the last three mainstream releases of Chrome have included security patches for zero-day security holes. A zero-day is where the crooks find an exploitable security hole […]

Italian charged with hiring “dark web hitman” to murder his ex-girlfriend

In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”. According to Europol: The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill the ex-girlfriend of the […]

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms. The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you. That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact. So long, cleartext web. In […]

Tackling cross-site request forgery (CSRF) on company websites

CSRF arises because of a problem with how browsers treat cross-origin requests. Take the following example: a user logs into site1.com and the application sets a cookie called ‘auth_cookie’. The user then visits site2.com. If site2.com makes a request to site1.com, the browser sends the auth_cookie along with it. Normally this doesn’t matter; if […]

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We […]