Security News

Scammers tried slurping folks' login details through 70,000 coronavirus-themed phishing URLs during 2020
2021-03-24 10:24

Cybercriminals ruthlessly exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks. In a post published today, Palo Alto's Unit 42 threat intel division said COVID-themed phishing lure URLs "Largely centered around Personal Protective Equipment and testing kits in March 2020, government stimulus programs from April through the summer 2020 and vaccines from late fall 2020 onward."

What are these suspicious Google GVT1.com URLs?
2021-02-28 16:52

The domains *.gvt1.com and *.gvt2.com, along with their subdomains, are owned by Google and typically used to deliver Chrome software updates, extensions, and related content. The GVT in the gvt1.com domain stands for Google Video Transcoding, and the domain is used as a cache server for content and downloads used by Google services and applications.

Malformed URL Prefix Phishing Attacks Spike 6,000%
2021-02-19 21:06

Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "Malformed URL prefixes" to evade protections and deliver phishing emails that look legit. Typosquatting is a common phishing email tactic where everyday business names are misspelled, like "Amozon.com", to try to trick unobservant users into clicking.

New malformed URL phishing technique can make attacks harder to spot
2021-02-19 18:46

Email security company GreatHorn is warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. Email scanning programs, GreatHorn said in a blog post, aren't configured to detect these kinds of attacks because they don't fit known bad criteria.

Brave privacy bug exposes Tor onion URLs to your DNS provider
2021-02-19 16:37

Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network.

New phishing attack uses Morse code to hide malicious URLs
2021-02-07 15:40

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented Morse code as a way of transmitting messages across telegraph wire.

Knock, knock. Who's there? NAT. Nat who? A NAT URL-borne killer
2021-01-27 20:26

Ben Seri and Gregory Vishnepolsky, threat researchers at Armis, have found a way to expand upon the NAT Slipstream attack disclosed last year by Samy Kamkar, CSO of Openpath Security. The original NAT Slipstream potentially allowed a miscreant to access any TCP/UDP service tied to a victim's machine by bypassing the victim's NAT and firewall defenses.

Google Chrome to block JavaScript redirects on web page URL clicks
2020-11-09 14:37

Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab. This attribute has a known security issue that allows the newly opened page to utilize JavaScript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.

Microsoft shares list of URLs required by Microsoft Defender ATP
2020-10-28 13:59

Microsoft has released a spreadsheet containing the full list of URLs that Microsoft Defender ATP must reach to function correctly. When Microsoft Defender ATP is installed on endpoints, its sensor will detect malicious threats and behaviors and send them via HTTP to the Microsoft Defender ATP cloud service.

Spammers Smuggle LokiBot Via URL Obfuscation Tactic
2020-10-01 16:16

Spammers have started using a tricky URL obfuscation technique that sidesteps detection - and ultimately infects victims with the LokiBot trojan. When the PowerPoint file is opened, the document attempts to access a URL via a Windows binary, and this leads to various malware being installed onto the system.