WebCookies.org: scan for HTTP, Flash, HTML5, CANVAS cookies, SSL/TLS and HTTP security

All-in-one free web application security tool. Web application vulnerability and privacy scanner with support for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, Supercookies, Evercookies. Includes a free SSL/TLS, HTML and HTTP vulnerability scanner and URL malware scanner.

Source: WebCookies.org: scan for HTTP, Flash, HTML5, CANVAS cookies, SSL/TLS and HTTP security

Shape Security Blog : Key Findings from the 2018 Credential Spill Report

Shape Security Blog : Key Findings from the 2018 Credential Spill ReportIn 2016 we saw the world come to grips with the fact that data breaches are almost a matter of when, not if, as some of the world’s largest companies announced spills of incredible magnitude. In 2017 and 2018, we started to see regulatory agencies make it clear that companies need to proactively protect users from attacks fueled by these breaches as they show little sign of slowing.In the time between Shape’s inaugural 2017 Credential Spill Report and now, we’ve seen a vast number of new industries roll up under the Shape umbrella and, with that, troves of new data on how different verticals are exploited by attacker—from Retail and Airlines to Consumer Banking and Hotels. Shape’s 2018 Credential Spill Report is nearly 50% larger and includes deep dives on how these spills are used by criminals and how their attacks play out. We hope that the report helps companies and individuals understand the downstream impact these breaches have. Credential stuffing is the vehicle that enables endless iterations of fraud and it is critical to have eyes on the problem as soon as possible. This is a problem that is only getting worse and attackers are becoming more advanced at a rate that is devaluing modern mitigation techniques rapidly.Last year, over 2.3 billion credentials from 51 different organizations were reported compromised. We saw roughly the same number of spills reported each of the past 2 years, though the average size of the spill decreased slightly despite having a new record breaking announcement reported by Yahoo. Even after excluding Yahoo’s update from the measurements in 2017, we saw an average of 1 million credentials spilled every single day.These credential spills will affect us for years and, with an average time of 15 months between a breach and the report, attackers are already well ahead of the game before companies can even react to being compromised. This window of opportunity creates strong motives for criminals, as evidenced by the e-commerce sector where 90% of login traffic comes from credential stuffing attacks. The result is that attacks are successful as often as 3% of the time and the costs can quickly add up for businesses. Online retail loses about $6 billion per year while the consumer banking industry faces over $50 million per day in potential losses from attacks.

Source: Shape Security Blog : Key Findings from the 2018 Credential Spill Report

Equifax data breach a ‘digital disaster’ for Canadians – New Brunswick – CBC News

The fallout of the Equifax data breach is going to be felt by companies, individuals and government for years to come.

The fallout of the Equifax data breach is going to be felt by companies, individuals and government for years to come.

This digital disaster will cause millions of people significant stress as they are dragged into a near never-ending battle with identity thieves.

It will cost billions to contain, and attempt to clean-up, and the proceeds of the crime will throw even more fuel onto the roaring fire that is global cyber crime.

What is Equifax and what happened?

Equifax is one of the big four credit bureaus — they rank a person’s worthiness to receive credit — things like car loans, mortgages, credit cards or sometimes even services such as telephone, cable and, in the US, even health care.

Their database includes personally identifiable information — names, addresses and most crucially, data like social security numbers in the US or social insurance numbers in Canada.

‘Companies aren’t yet required to report data breaches or disclose any information about such breaches. We are severely lagging behind many countries in this regard … ‘— David Shipley

In May, an unknown group successfully breached Equifax’s online services by exploiting a vulnerability in their servers.

A software fix, called a patch for the vulnerability, had been available in March but was not put in place. Equifax only reported the breach last week. As many as 143 million Americans and reportedly as many as 44 million people in the UK are affected.

As of this weekend, all we know about Canada is that some people are affected, but no idea exactly how many or how much personal information has been compromised.

Reportedly 10,000 Canadian Automobile Association (CAA) subscribers in Canada have been notified that their information was included in the breach.

Why don’t we know more?

To be honest, it’s the result of gaping holes in Canada’s privacy legislation.

Companies aren’t yet required to report data breaches or disclose any information about such breaches.”

Read the entire article at the link below.

Source: Equifax data breach a ‘digital disaster’ for Canadians – New Brunswick – CBC News

KernelMode.info • View topic – Sandboxes / Online Link checkers

While some of these are long gone, there are some decent links to get started with .. not opening sketchy links ..

Online

Additional tools

NOTE: The content of this list is originally from: viewtopic.php?f=16&t=64. If you are reading it elsewhere, please visit the original location.

Ring0 – the source of inspiration
User avatar
EP_X0FF

Source: KernelMode.info • View topic – Sandboxes / Online Link checkers

Security Features Check » AMTSO

Source: Security Features Check » AMTSO

Security Features Check

Security Features Check » AMTSOThe AMTSO web site now hosts a number of easy to use tools to ensure that endpoint security products are configured to protect you from viruses, drive-by-downloads, potentially unwanted applications (PUA), archived malware and phishing and cloud attacks.

Because the usage growth of tablets and smartphones, endpoint security nowadays embodies more than just a desktop solution. Besides the Security Features Check for Desktop Solutions, AMTSO hosts similar checks for Android based devices. In the future, the AMTSO Security Features Checks will be extended to cover more features and expanded to cover more Operating Systems.

Take me to the “Feature Settings Check for Desktop Solutions” page

Take me to the “Feature Settings Check for Android based Solutions”  page