With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters…
Browsing Categoryhttp
Firefox 76 will have option to enforce HTTPS-only connections
The aim is to block the browser from reaching the small number of sites that cling to HTTP, closing security risks. This post appeared first on Naked Security Blog by…
Slack fixes account-stealing bug
Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions. This post appeared first on Naked Security Blog by Sophos Author: Danny…
Let’s Encrypt issues one billionth free certificate
Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago. This post appeared first on Naked Security Blog by…
Google Chrome to start blocking downloads served via HTTP
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser starting with desktop version 81 due next month. This post appeared first on Naked Security…
Google’s Chrome 80 clamps down on cookies and notification spam
Version 80 of the Chrome browser is out with some new features designed to save your security and your sanity. This post appeared first on Naked Security Blog by Sophos…
FBI warns users to be wary of phishing sites abusing HTTPS
Why you shouldn’t trust a website simply because it’s secured using HTTPS and backed by the green padlock symbol. This post appeared first on Naked Security Blog by Sophos Author:…
Hackers Behind DNSpionage Created a New Remote Admin Tool for C2 Server Communication Over HTTP and DNS
Threat actors behind the new malware campaign DNSpionage created a new remote administrative tool that supports HTTP and DNS communication with C&C Server that operates by attackers. Based on a…
Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100%
Microsoft Security advisory released a new flaw in IIS server that Microsoft the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server.…
Why your website is officially ‘not secure’ from today
Chrome will mark all HTTP sites as “not secure” starting on Tuesday – an important milestone on the road to HTTPS Everywhere. This post appeared first on Naked Security Blog…