DISC InfoSec blog

is this website safe ? In this digital world, Check website safety is most important concern since there are countless malicious websites available everywhere over the Internet, it is very difficult to find a trustworthy website. We need tobrowse smart and need to make sure the site is not dangerous by using Multiple approaches. In general, it is good […]

From a detailed report – compiled by security researcher Sam Curry – the findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. https://lnkd.in/gdAXGjaN The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) […]

The vulnerability (CVE-2022-3656), allowed remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details. The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge. Vulnerability Details The […]

Web Pentesting Checklist Cyber Security News PenTesting Titles Pentesting Training Penetration Testing – Exploitation Penetration Testing – Post Exploitation Infosec books | InfoSec tools | InfoSec services

is this website safe ? In this digital world, Check website safety is most important concern since there are countless malicious websites available everywhere over the Internet, it is very difficult to find a trustworthy website. We need tobrowse smart and need to make sure the site is not dangerous by using Multiple approaches. In general, it is good […]

Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that is intent on stealing the following information using malicious extensions:- Online accounts credentials Log keystrokes Inject ads Inject malicious JS code Enroll the victim’s browser in DDoS attacks This method is becoming increasingly attractive for malware developers to target web browsers as […]

Researchers from Positive Security uncovered a website scanner called “Urlscan” that unintentionally leaking sensitive URLs and data due to misconfiguration. It appears that a third party accidentally leaked the GitHub Pages URLs, and this incident happened while a metadata analysis was being conducted. “This information could be used by spammers to collect email addresses and […]

The Chrome web browser was recently updated to a new stable version released by Google. Google Chrome’s updated version Chrome 106 offers a number of brand-new features and improvements, and it also includes a number of security updates. The new version of Chrome 106 has been already released by Google to the stable channel for […]

The OWASP Top 10 security risks point out the common vulnerabilities seen in web applications. But it does not list the set of attack vectors that WAFs (Web Application Firewalls) can simply block. This is but a myth often propagated by many a security vendor. OWASP Top 10 protection is the joint responsibility of the […]

Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers who want to trick you position themselves somewhere “in the middle” of the […]

Google’s latest Chrome browser, version 105, is out, though the full version number is annoyingly different depending on whether you are on Windows, Mac or Linux. On Unix-like systems (Mac and Linux), you want 105.0.5195.52, but on Windows, you’re looking for 105.0.5195.54. According to Google, this new version includes 24 security fixes, though none of them are reported […]

The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making it a zero-day hole. The name zero-day is a reminder […]

The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed, by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which was fixed by Google on July 4, […]

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows: APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346 APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345 APPLE-SA-2022-07-20-3: macOS Big Sur 11.6.8, details at HT213344 APPLE-SA-2022-07-20-4: Security Update 2022-005 Catalina, details at HT213343 APPLE-SA-2022-07-20-5: tvOS […]

The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The Tor Project team has announced the release of Tor Browser 11.5, the new version of the popular privacy-oriented browser implements new features to fight censorship. With previous versions of the browser, circumventing censorship of the Tor […]

https://www.bleepingcomputer.com/news/software/privacy-focused-brave-search-grew-by-5-000-percent-in-a-year/ Brave Search, the browser developer’s privacy-centric Internet search engine, is celebrating its first anniversary after surpassing 2.5 billion queries and seeing almost 5,000% growth in a year. To celebrate this success, Brave Software announced that Brave Search is finally exiting its beta phase and will become the default search engine for all users of […]

https://portswigger.net/daily-swig/internet-scans-find-1-6-million-secrets-leaked-by-websites Security researchers have apparently discovered more than 1.6 million secrets leaked by websites, including more than 395,000 exposed by the one million most popular domains. Modern web applications typically embed API keys, cryptographic secrets, and other credentials within JavaScript files in client-side source code. Aided by a tool developed specifically for the task, researchers from RedHunt Labs sought information […]

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in […]

Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content […]

Digital banking has been a reality for quite a while now, particularly pushed forward in these last few years. Is security keeping up the pace? Online banking and mobile banking apps have made great security strides in recent years. In fact, some of today’s most well-respected banks are improving security measures by offering SMS or […]