Security News
Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service conditions, information leaks and remote code execution in various web applications, researchers are warning. Multiple Parsers in Use: Whether by design or an oversight, developers sometimes use more than one URL parsing library in projects.
A team of security researchers has discovered serious flaws in the way the modern internet parses URLs: Specifically, that there are too many URL parsers with inconsistent rules, which has created a worldwide web easily exploited by savvy attackers. We don't even need to look very hard to find an example of URL parsing being manipulated in the wild to devastating effect: The late-2021 Log4j exploit is a perfect example, the researchers said in their report.
The Tor Project has released Tor Browser 11.0 with a new user interface design and the removal of support for V2 onion services. You can download the Tor Browser from the Tor Project site, and if you are an existing user, you can upgrade to the latest version by going to the Tor Menu > Help > About Tor Browser.
Vade released its Phishers' Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for June alone. In Q2 2021, Crédit Agricole phishing URLs increased 296 percent, while La Banque Postale URLs increased 831 percent, pushing them up 18 spots to #5 on the list.
The Tor Project is auctioning off the first Tor Onion domain ever created, duskgytldkxiuqc6.onion, as an NFT. The non-profit Tor Project operates the Tor decentralized network running on top of the Internet that allows users to access websites anonymously and special Onion URLs only accessible over Tor.
"Simple" can often be harder than "Complex." When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as the part causing the trouble. URL forwarding is one method that is often abused by cybercriminals to create multi-layered phishing attacks.
Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using "Contact us" forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said.
Cybercriminals ruthlessly exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks. In a post published today, Palo Alto's Unit 42 threat intel division said COVID-themed phishing lure URLs "largely centered around Personal Protective Equipment and testing kits in March 2020, government stimulus programs from April through the summer 2020 and vaccines from late fall 2020 onward."
The domains *.gvt1.com and *.gvt2.com, along with their subdomains, are owned by Google and typically used to deliver Chrome software updates, extensions, and related content. The GVT in the gvt1.com domain stands for Google Video Transcoding, and is used as a cache server for content and downloads used by Google services and applications.
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "malformed URL prefixes" to evade protections and deliver phishing emails that look legit. Typosquatting is a common phishing email tactic where everyday business names are misspelled, like "Amozon.com", to try and trick unobservant users into clicking.