Page 13 - Threat Intelligence 8-21-2019
Web / Internet Threats
How dodgy browser plugins, web scripts can silently rewrite that URL you were about to hit –
and throw you into an internet wormhole - Analysis Clickjacking, which came to the attention of
security types more than a decade ago, continues to thrive, despite defenses deployed since then
by browser makers. Boffins from Microsoft and universities in China, South Korea and the US
recently looked at the Alexa top 250K websites and identified three different clickjacking
techniques currently being used to intercept clicks.
Source: https://www.theregister.co.uk/2019/08/15/hijacked_clicks_research/
Why 2-factor authentication isn't foolproof - I've worked with two-factor authentication (2FA) for
years, primarily using VPN connections and access to highly secure systems. It works via a
something-you-have-plus-something-you-know mechanism whereby users enter a pin/password
followed by the numbers displayed on a secure token device. The goal is to make it impossible for
attackers to access secured systems and accounts, but it's not perfect. I spoke about 2FA
vulnerabilities and prevention tips with two security solutions providers: Stephen Cox, vice
president and chief security architect at SecureAuth; and Bojan Simic, co-founder and CTO, HYPR.
Source: https://www.techrepublic.com/article/why-2-factor-authentication-isnt-foolproof/
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks - Various implementations
of HTTP/2, the latest version of the HTTP network protocol, have been found to contain multiple
security vulnerabilities affecting the most popular web server software, including Apache,
Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 was designed for better security
and an improved online experience by speeding up page loads. Today, hundreds of millions of
websites, or some 40 percent of all the sites on the Internet, are running the HTTP/2 protocol.
Source: https://thehackernews.com/2019/08/http2-dos-vulnerability.html
Organizations that scan applications in production have a reduced risk of being breached - Setu
Kulkarni, WhiteHat’s VP of Strategy and Business Development, said, “It is more critical than ever
that digital transformation initiatives must include a robust application security program.” The 2019
STATS report builds on the DevSecOps framework we had outlined last year and advances it with
supporting metrics, to help our customers build consensus for securing applications and reducing
risks, costs and complexity.
Source: https://www.helpnetsecurity.com/2019/08/15/scan-applications-in-production/
www.accumepartners.com