Scanning a GraphQL API for Vulnerabilities

From securityboulevard.com

Since June 2020, Acunetix has supported the increasingly popular API query language GraphQL. In this article, we want to show you step by step how to scan an API defined using GraphQL. To do this, you will first create an intentionally vulnerable API and its GraphQL definition, then scan it using Acunetix, eliminate the critical vulnerabilities that Acunetix found, and verify that they have been eliminated.

REvil ransomware gang claims over $100 million profit in a year

From bleepingcomputer.com

REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors.

They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth.

A Return to Logs to Unjam the Security Deficit

From securityboulevard.com

Some years ago, during the renaissance of security information and event management (SIEM), security became log crazy. The hope was that by gathering logs from networking and security devices and running them through the SIEM, security events could be astutely exposed and security teams could gain an upper hand over attackers. The enthusiasm was soon dashed when it became obvious that logs alone were not the answer. In the first place, not everything was covered by logs, and the security details that were being captured could be manipulated easily as an attacker attempted to cover their tracks. Second, it’s one thing to aggregate logs but another to integrate the findings to produce true intelligence, particularly that which could easily stand apart from false positives.

The Russian hacking group Turla breached a European government agency

From en.secnews.gr

This attack/breach fits perfectly with the methods and motives of Turla, which is known for intelligence theft and espionage against government agencies in different countries.

The Turla hackers used backdoors and RATs

To disrupt the European governing body, the attackers used a combination of remote access trojans (RATs) and RPC-based backdoors, including HyperStack.

How URL Tracking Systems are Abused for Phishing

From info.phishlabs.com

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads’ tracking system to evade email filters.

How it works

Piggybacking on a domain is appealing to threat actors not only because it increases the odds of making it past spam filters, but also for ease of creation. By editing an existing URL, the burden of setting up their own redirect is removed, and they are able to take advantage of infrastructure already in place to launch their campaign.

VA High Court: License Plate Database Not Personal Data

From securityboulevard.com

Regulations related to the collection, storage and use of personal data don’t apply to the collection of license plate readings, a court has found, calling privacy regs into question.

As you drive to George Mason University in Fairfax, Virginia, you may very well pass a blue and grey Fairfax County police car with its shiny lights and trunk-mounted Automated License Plate Reader (ALPR). The camera will take a picture of your license plate; scan it; analyze it; “read” the letters, numbers and state of issue; and compare it against a “hot list” of wanted or stolen cars or determine whether the owner of the vehicle is “wanted” and therefore stop the driver under the assumption that they might be the wanted owner.

Internet of Things (IoT): Greater Threat for Businesses Reopening Amid COVID-19 Pandemic

From ehackingnews.com

Businesses have increasingly adopted IoT devices, especially amid the COVID-19 pandemic, to keep their operations safe. Over the past year, the number of IoT devices employed by various organizations in their networks has risen by a remarkable margin, as per research conducted by Palo Alto Networks’ threat intelligence arm, Unit 42. While looking into the current IoT supply ecosystem, Unit 42 explained the multiple exploits and vulnerabilities affecting IoT supply chains. The research also examined potential kinds of motivation for exploiting the IoT supply chain, illustrating how no layer is completely immune to the threat.
