Month: April 2017

Google Patches Unicode Domain Phishing Bug in Chrome
Authentication, Privacy

Google has patched a dangerous issue in Chrome that enabled attackers to spoof legitimate domains in the browser by using Unicode characters rather than normal ones. That vulnerability is the result of the way that Chrome handles some Unicode characters and it’s not necessarily a new issue. Security experts have […]

Android Sensor Attack Can Guess PINs with 94% Accuracy
Device Security, Hacking

With each new generation of smartphone, manufacturers are adding more and more sensors to enhance the user’s experience, but this also means that more and more apps are asking for blanket permission to use those sensors. This proliferation of sensors and permissions is creating serious privacy and security issues, as researchers at Newcastle […]

Facebook Launches Beta of New Account Recovery System
Authentication

Facebook has opened a beta program for its new Delegated Account Recovery system, which is designed to replace traditional email or SMS-based recovery processes. The Facebook system allows users to connect their Facebook accounts with other services and use that trusted link to recover access to one of the accounts. The company […]

Microsoft Patched Shadow Brokers Flaws Before Latest Disclosure
Hacking

The latest release of exploits and vulnerabilities from the Shadow Brokers came as a surprise to many observers, but not to the security team at Microsoft. It turns out that the company already has patched most of the flaws in its products that were exposed in last week’s exploit dump. […]

Unicode Domain Phishing Attack Resurfaces
Hacking, Social Engineering

Researchers are warning about a phishing attack that abuses the way some browsers handle Unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies […]

CSRF Bug Haunts Magento E-Commerce Platform
Hacking

There is a serious vulnerability in a version of the Magento e-commerce platform that could allow a remote attacker to access a target site’s database. The bug can be used for remote code execution, and the researchers who discovered it say they notified Magento of the vulnerability in November, but the […]

Inside the Tech Support Scam Ecosystem
Phone Fraud, Social Engineering

A pair of doctoral students and their advisor, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and […]

On the Wire Podcast: Mike Mimoso
Podcast

It’s been a while since we’ve seen the kind of drama surrounding a Microsoft zero-day bug that we saw this week with the Word vulnerability. Details of the flaw began emerging last week and attackers have been targeting it for several months, but Microsoft didn’t say a thing about it […]