cybersecurity

Building a Password Strength Checker in Python

Hello again, and welcome to today's tutorial. Today, we are going to build a simple password strength checker using Python. We’ll explain how the code works step-by-step and give tips on how to improve your passwords. Why is Password Strength Important? A weak password makes it easier for hackers to guess or crack using various methods, putting your personal information at risk. A strong password is: Long enough (at least 12 characters) Uses a mix of letters (both uppercase and lowercase), numbers, and special characters Avoids common or predictable words Let’s get started by building a tool that assesses the…

Marriott reaches $52 million settlement over years of data breaches

Marriott International is being taken to task after the hotel chain suffered multiple data breaches that exposed sensitive information for more than 344 million customers around the world. First, Marriott agreed to a settlement of with a group of 50 US attorneys general. According to Connecticut Attorney General William Tong, 131.5 million hotel customers in the states had their information compromised in the attacks on the hotels. Second, a settlement with the Federal Trade Commission will require Marriott and its Starwood Hotels & Resorts subsidiary to implement a new information security system to protect against future data exposures. The FTC agreement…

Pig Butchering Scams Are Going High Tech

As digital scamming explodes in Southeast Asia, including so-called “pig butchering” investment scams, the United Nations Office on Drugs and Crime (UNODC) issued a comprehensive report this week with a dire warning about the rapid growth of this criminal ecosystem. Many digital scams have traditionally relied on social engineering, or tricking victims into giving away their money willingly, rather than leaning on malware or other highly technical methods. But researchers have increasingly sounded the alarm that scammers are incorporating generative AI content and deepfakes to expand the scale and effectiveness of their operations. And the UN report offers the…

Understanding Directory Traversal and Preventing It with SafeLine WAF

Directory traversal, also known as path traversal, is a web security vulnerability that allows an attacker to access files and directories stored outside the web root folder. This article explores directory traversal, its potential impact, and how SafeLine Web Application Firewall (WAF) can protect your web applications from such attacks. What is Directory Traversal? Directory traversal attacks occur when an application accepts unvalidated user input, allowing attackers to navigate the server’s directory structure. By manipulating the file paths, attackers can access sensitive files, including configuration files, password files, and other critical system files. How Directory Traversal Works Attackers exploit directory…

What is Dynamic Protection in SafeLine WAF

Dynamic Protection in SafeLine WAF refers to a suite of adaptive security features designed to protect web applications from a wide range of cyber threats by continuously adjusting and improving defenses based on real-time data and evolving attack patterns. Here's a breakdown of what Dynamic Protection typically involves: Real-Time Threat Detection: Uses machine learning and behavioral analysis to identify and respond to threats as they occur. This ensures that new and emerging threats are detected quickly. Automatic Rule Updates: Regularly updates security rules based on the latest threat intelligence. This allows the WAF to adapt to new attack vectors without…

Discord is rolling out end-to-end encryption for voice and video calls

Discord is rolling out new end-to-end encryption for both audio and video calls on its platform. The tech will be applied to calls from DMs, group DMs, voice channels and Go Live streams. Discord detailed the tech and its goals for the end-to-end encryption (E2EE) in a . Desktop and mobile clients already support the new upgrade, and the rest of the clients should be getting the feature next year. The company has focused on transparency with its E2EE protocols, and has made plenty of information about it . Discord is also promising that there should be no sacrifices to call…

Why You Need This Decade-Old Open-Source WAF for Ultimate Web Protection

Here’s a strong recommendation for an open-source WAF (Web Application Firewall) that’s been developed for nearly 10 years. It comes in both community and professional editions, and the community edition (free) is more than capable of handling most use cases. 1. What is a WAF? Let’s start with the basics for those who might not be familiar: A WAF (Web Application Firewall) is a security solution deployed in front of websites at the application layer, offering protection through the following features: Web Vulnerability Protection: Detects and blocks common web attacks like SQL injection, XSS (cross-site scripting), and more via predefined rules. Anti-CC Attack: Provides…

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

Apple is making every production PCC server build publicly available for inspection so people unaffiliated with Apple can verify that PCC is doing (and not doing) what the company claims, and that everything is implemented correctly. All of the PCC server images are recorded in a cryptographic attestation log, essentially an indelible record of signed claims, and each entry includes a URL for where to download that individual build. PCC is designed so Apple can't put a server into production without logging it. And in addition to offering transparency, the system works as a crucial enforcement mechanism to prevent bad…

Securely Deploy SafeLine WAF: A Step-by-Step Guide

Protecting your web applications from malicious attacks is crucial. SafeLine WAF, developed by Chaitin Technology, is a robust and user-friendly Web Application Firewall designed to safeguard your site. This guide will walk you through a secure deployment of SafeLine WAF using Docker, ensuring your web applications are well-protected. Step 1: Install Docker First, you need to have Docker installed. Follow these steps to get the latest version of Docker: curl -sSL "https://get.docker.com/" | bash Step 2: Create SafeLine Directory Create a dedicated directory for SafeLine. This is where SafeLine will store its configuration files…

Ethical Hacking – This article is about discovering vulnerabilities in web applications.

We will use a range of tools to discover application failures. GitHub: https://github.com/samglish/web_exploitation_scanning Example of tools that we will use. Nikto Sslscan Sslyze OWASP Zed Attack Proxy (ZAP) BurpSuite Sqlmap bare hand analysis -> CSRF Scripting -> Python -> validation of command injections (HTTP,ICMP) 1. Nikto Terminal nikto -host google.com -port 443 -ssl OUTPUT - Nikto v2.1.6 --------------------------------------------------------------------------- + Target IP: 142.251.135.110 + Target Hostname: google.com + Target Port: 443 --------------------------------------------------------------------------- + SSL Info: Subject: /CN=*.google.com Ciphers: TLS_AES_256_GCM_SHA384 Issuer: /C=US/O=Google Trust Services/CN=WR2 + Start Time: 2024-09-09 14:01:05 (GMT1) --------------------------------------------------------------------------- + Server: gws + X-XSS-Protection header has been…