11 matches found
q-logger skimmer keeps Magecart attacks going
This blog post was authored by Jérôme Segura. Although global e-commerce is continuing to grow rapidly, it seems as though Magecart attacks via digital skimmers have not followed the same trend. This is certainly true if we only look at recent newsworthy attacks; indeed when a victim is a large...
Introducing the Bot Endpoint Protection Report
Today's comprehensive monitoring capabilities in Security Center provide great insight into bot activity and countermeasures applied across your valuable web properties. Filter options allow you to focus on almost any desired detail. However, understanding what is happening on specific protected...
A look into Drupalgeddon’s client-side attacks
Drupal is one of the most popular Content Management Systems (CMS), along with WordPress and Joomla. In late March 2018, Drupal was affected by a major remote code execution vulnerability (CVE-2018-7600) followed by yet another (CVE-2018-7602) almost a month later, both aptly nicknamed Drupalgeddon 2 a...
Cloudflare: SSRF
Hi, I made a report to grabtaxi for SSRF, but grabtaxi answered me: coffeecup closed the report and changed the status to Not Applicable. Jul 26th (2 hrs ago) Hello @linkks - After further review, we have determined that this is not SSRF on any of our web properties or assets. All IPs mentioned in this repo...
Security Advisory 2916652 released, Certificate Trust List updated
Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this action...
Google Jacks Up Bug Bounties For Serious Vulnerabilities
Google has one of the older bug bounty programs in existence, and the company often makes changes to its rules in an effort to stay current with the security landscape. The latest change is another increase in the rewards that the company will pay to researchers who report certain bugs, including...
Google Building Privacy Red Team
Google, which has come under fire for years for its privacy practices and recently settled a privacy-related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in th...
Yahoo to Implement Do Not Track
Yahoo has decided that it’s now time to start implementing a Do Not Track system across its various Web properties. The company is one of the last large Web content providers to officially commit to using a DNT technology, and Yahoo said that it plans to have the system implemented by early summe...
Behind the Numbers of Mozilla's Bug Bounty Program
Bug bounty programs have been around in various forms for more than 15 years now, and many of the larger software companies, including Mozilla and Google, have established rewards for people who report bugs. But, aside from the amount of money that’s paid out when bugs are fixed, there hasn’t bee...
Google Extends Bug Bounty to Web Properties
Google is extending its nascent bug-bounty program to the Web applications that the company owns, including its flagship search service, YouTube and Blogger. The program will pay researchers rewards of up to $3133.7 for bugs that they find in Google Web services and report directly to the company...
Windows Live Spaces A Fake Pharma Target
Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targeting Microsoft’s web properties. Read the full article. The Register...