Heena Sharma Blog

  Cybercriminals targeting web applications have grown more reliant on automated tools as nearly 20 per cent of the attacks detected were fuzzing attacks, trying to find the points at which applications break to exploit, a report said on Wednesday. Fuzzing is the usually automated process of finding hackable software bugs by randomly feeding different permutations of data into a target programme until one of those permutations reveals a vulnerability. The cloud-enabled security solutions provider Barracuda Networks that analyzed a sample of two months of blocked data on web application attacks in the month of November and December, found that the top five attacks using automated tools were fuzzing attacks, injection attacks, fake bots, App DDoS and blocked bots. Read More

Hackers have sold personal data of a whopping 267 million Facebook users for just Rs 41,500 (approximately 500 Euros). The data includes email addresses, names, Facebook IDs, dates of birth and phone numbers. Thankfully, no passwords of the 267 million Facebook users were exposed by the hacker, according to the cyber risk assessment platform Cyble. The Cyble researchers executed the sale and were able to download and verify the data. "At this stage, we are not aware of how the data got leaked at the first instance. It might be due to a leakage in third-party API (Application Programming Interface) or scrapping," the company said in a statement. Read More

Microsoft has said that it obtained a court order allowing it to seize web domains used by North Korean hacking groups to launch cyberattacks on human rights activists, researchers and others. The US technology giant said on Monday that a federal court allowed it to take control of 50 domains operated by a group dubbed Thallium, which tricked online users by fraudulently using Microsoft brands and trademarks. "This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information," said Tom Burt, Microsoft's vice president for customer security and trust. "Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the US, as well as Japan and Sou...