The dark web is proving to be a serious menace for organizations and the threats keep on piling up with the huge amount of data dumped on it on a regular basis.

According to a recent report, cybercriminals are now actively adopting automation tools and bots to target web applications. Sometimes, bots would impersonate Google bots to evade a system’s defensive mechanism.

Cyber adversaries have been found injecting cryptomining malware via exposed Redis instances, that give full access to all the running containers on Docker Hub, in an ongoing campaign.

Microsoft warned of a new type of attack technique that can be used to poison the app-building process. The attack was tested against at least 35 major tech firms.

ICS-related attacks have gained prominence over the past year and with the rising number of vulnerability disclosures, the attacks are anticipated to see a surge. 

Malicious browser extensions are increasingly being used to infect millions of users across the world to monitor their browsing activity, exfiltrate stolen data, send malicious commands, and more.

Since December, FTA-linked hacks have been reported by the Reserve Bank of New Zealand, Australian Securities and Investments Commission (ASIC), law firm Allens, the University of Colorado, and more.

According to a report by Redscan, 63% of the total number disclosed in 2020 were classed as “low complexity,” which means an attacker with low technical skills could exploit them.

Some of the fraud was initiated through dating apps but even more through social media, the FTC said, as people flocked to them during months of stay-at-home orders during the coronavirus pandemic.

The database is said to contain customers’ full names, birthdates, taxpayer identification number (TIN), birthplace, passport details, family status, car availability, education, phone number, etc.