Best of Cybersecurity — 2021
- 1
- 2
The Hacker News·5y
New Chrome Browser 0-day Under Active Attack—Update Immediately!
Google releases Chrome 88.0.4324.150 for Windows, Mac, and Linux. The fix is for a heap buffer overflow flaw in its V8 JavaScript rendering engine. The security flaw was reported to Google by Mattias Buelens on January 24. It's not immediately clear if CVE-2021-21148 was used in these attacks.
- 3
The Hacker News·5y
New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!
Chrome users can update to the latest version (91.0.4472.101) by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw. The flaw stems from a type confusion issue in its open-source V8 JavaScript engine. Google has addressed a total of seven zero-days in Chrome since the start of the year.
- 4
- 5
Honeypot·5y
How to Become a Certified Ethical Hacker
Cybersecurity and hacking certifications will be important if you are pursuing a career in the infosec industry. I’ll go through the top five cybersecurity certifications and explain a little about what you can expect and who they're for. There are two main categories that differentiate ethical hacking jobs. We have Red Teaming, which is the offensive side of hacking, and Blue Teaming.
- 6
The Hacker News·4y
Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
Apache Software Foundation pushes out a new fix for the Log4j logging utility. The previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations." The latest update arrives as fallout from the flaw has resulted in a "true cyber pandemic."
- 7
Dev Genius·5y
Best Practices For Securing Web Applications in 2021
Web application vulnerabilities were the cause of 43% of data breaches in 2019. 79% of organizations intentionally pushed vulnerable code to production. Most web applications use third-party open source components, which must be scanned on an ongoing basis. The most powerful security technique in web development is to think about security in every detail, even the smallest.
- 8
Bits and Pieces·5y
8 Steps to Secure JavaScript in 2021
7 Steps to Secure JavaScript in 2021. These practices will help to secure your JavaScript execution. Viduni Wickramarachchi: JavaScript is an ecosystem highly dependent on third-party libraries. He says we should never rely only on client-side validations since attackers can change them as required.
- 9
The Hacker News·4y
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Telemetry signs point to exploitation of the flaw nine days before it even came to light. Threat actors are weaponizing unpatched servers affected by the newly disclosed "Log4Shell" vulnerability. Threats such as Mirai and Muhstik are setting their sights on vulnerable systems to spread the infection.
- 10
DZone·4y
5 Best Plugins for Refactoring and Code Quality
Stepsize is an editor-first issue tracker for a healthy codebase. CodeStream eliminates context-switching and simplifies code discussion and code review. Snyk’s Vulnerability Scanner helps you find and fix security vulnerabilities and code quality issues in your projects.
- 11
Honeypot·5y
How Much Do Hackers Earn in Europe?
Ethical hacking is a crucial part of cybersecurity, albeit a fairly new job option. It can provide fantastic career advancement for interested people in today's increasingly online realm. Earnings for cybersecurity experts in Europe begin at an average of €30,000 per annum. Senior positions demanding specialised knowledge and skills may pay up to €70,000.
- 12
The Hacker News·4y
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
Two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code. The two libraries in question are "coa," a parser for command-line options, and "rc," a configuration loader. Both were tampered with by an unidentified threat actor to include "identical" password-stealing malware.
- 13
The Hacker News·5y
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware
Google removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It has since emerged that the add-on stealthily added features that could be exploited to execute arbitrary code from a remote server. The extension's original developer is said to have sold the extension in June 2020 to an unknown entity.
- 14
Laravel·4y
Log4j Vulnerability Update
Log4j is a Java library by Apache used to log debug messages within applications. The vast majority of servers provisioned by Forge will not be vulnerable. If you have manually installed applications such as ElasticSearch your server may be affected. To check if your server is affected, you can use a script such as log4j_checker_beta.
- 15
Cisco·4y
Log4j Developer Response
A zero-day vulnerability (CVE-2021-44228) has been newly discovered in the Apache Log4j library. If exploited, the vulnerability allows attackers to gain full control of affected servers and your application. There are a few key things you can do as a developer to contain the threat.
- 16
Honeypot·4y
The Real OWASP Top 10 2021
The OWASP top 10 describes the top 10 vulnerabilities as they were found in production environments for a particular year. While this is a good approach, it fails to take the impact of an issue into account. Broken Access Control (Including IDORs) can exist on any resource that the attacker should not be authorised to see.
- 17
- 18
daily.dev·5y
🔥 What's Hot in Web Development? — Weekly Picks #166
This week: some important news about a Chrome 0-day vulnerability, and lots of React content, Vue, and even job interview articles. A suggestion for a better folder hierarchy for your React projects. How to Solve Coding Problems with a Simple Four Step Method. Vue 3 is out but you probably don’t need it.
- 19
Hacker Noon·5y
What is URL Masking and How Does It Work?
Social engineering is a technique where attackers trick a user to steal his data or plant something malicious in the victim’s system. People should always check the links they receive from mail or SMS to see if they are from the original website or not. Most internet users are scared to open untrusted links.