What is the best defense for a multi-layered attack: Spoofing, MiTM, Login CSRF?

How would one go about defending against this sort of attack to best protect a sloppy user? There can be obvious signs of a spoofing attack, such as not using SSL, slightly different domain, etc, but I am assuming Tristed.com (the maliciou…

Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters

Verisign has fixed an issue that could have allowed attackers to register bogus domains by using homoglyphs in place of more common characters, due to research from California-based security firm Soluble. Matt Hamilton, principal security researcher at Soluble, discovered the flaw when he attempted to register an Amazon Web Services S3 bucket with Unicode emoji characters.

“It was possible to register Latin homoglyph characters, specifically Unicode Latin IPA Extension homoglyphs,” he wrote in a blog released Wednesday. “I then checked if it was possible to register domains with these homoglyph characters. Ruh-roh, it was.”

Hamilton called out the abuse of the following characters:
The “ɡ” (Voiced Velar Stop)
The “ɑ” (Latin Alpha)
The “ɩ” (Latin Iota)

For years, domain providers have been aware of homoglyph attacks and have put in place restrictions to prevent their exploitation, such as barring the use of both Latin and Cyrillic characters at once. Verisign, which operates […]

The post Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters appeared first on CyberScoop.


FBI: Cybercrime tore a $3.5b hole in victims’ pockets last year

The FBI’s Internet Crime Report shows that business email compromise is the biggest money-maker for cybercriminals.

FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware

Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.

FTC warns VoIP providers that help robocallers: we can and will sue

It put 19 internet-calling companies on notice that helping illegal robocalls is illegal. It has sued before, and it can do it again.