Security News

Vulnerability allows attackers to register malicious lookalikes of legitimate web domains
2020-03-05 06:30

Cybercriminals were able to register malicious generic top-level domains and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin letters, according to Matt Hamilton, principal security researcher at Soluble. To demonstrate the danger of these policies, he registered 25+ domains that resemble a variety of popular domains by using a mix of Latin and Unicode Latin IPA homoglyph characters.

It has been 15 years, and we're still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit
2020-03-04 14:00

Researchers at Soluble today said they worked with Verisign to thwart the registration of domain names that use homoglyphs - non-Latin characters that look just like letters of the Latin alphabet - to masquerade as legit domains. First reported back in the 2000s, this technique allows miscreants to use characters that, when displayed in the browser bar, appear to show the URL of a valid site - such as Apple.com or Google.com - despite being a completely different domain name.

A new way for securing web browsers from hackers
2020-02-27 06:00

A powerful new approach to securing web browsers is getting its first real-world application in the Firefox browser. The new approach is now part of a test release of the Firefox browser for the Linux operating system and could be available on Windows and MacOS platforms within a few months.

Intertrust launches enterprise-ready white-box cryptography solution for web apps
2020-02-26 03:45

Intertrust announced the launch of whiteCryption Secure Key Box for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack.

Data of 10.6m MGM hotel guests posted for sale on Dark Web forum
2020-02-21 11:55

The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as "The right person answered the phone."

Firefox 73.0.1 fixes crashes, blank web pages and DRM niggles
2020-02-20 11:20

Firefox version 73 has only been out for a week but already Mozilla has had to update it to version 73.0.1 to fix a range of browser problems and crashes, including when running on Linux machines. In an issue known about for some weeks, users running third-party security programs with anti-exploit protection, including the 0patch 'guerrilla' patching agent, were being affected by crashes.

Cymatic presents all-in-one web application defense platform at RSAC 2020
2020-02-20 04:20

Cymatic announced its participation in RSAC 2020 to demonstrate the success of the only unified web defense that deploys at the client through a simple line of JavaScript without agents or proxies to deliver first-look, first-strike capability that is earliest in the kill chain. Cymatic's next-generation all-in-one web application defense platform provides universal in-session visibility and control to reduce risk across web applications, networks, and users while decreasing network traffic loads and eliminating user friction.

Free trojanized WordPress themes lead to widespread compromise of web servers
2020-02-19 15:28

Over 20,000 web servers have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. They are taking advantage of the widespread use of the WordPress content management system, an increased demand for premium themes and victims' lack of security awareness to get them to unknowingly compromise their own web servers.

Cybercriminals flooding web with coronavirus-themed spam and malware
2020-02-14 17:30

Cybercriminals were already using convincing but fake emails from the WHO, CDC and Japanese government to trick people into downloading PDF, MP4 and Microsoft Word DOCX files. The shipping and manufacturing industries have taken massive hits because of the quarantines in China, and cybercriminals have sought to exploit that by bombarding companies with malware, spam and fake emails with links to sites like Office 365, Adobe and DocuSign hoping to steal emails and passwords.

Acunetix 13 web app security scanner comes with many innovations
2020-02-06 03:00

Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. Scanning complex web applications using traditional web vulnerability scanners may take hours, having a serious impact on production site performance and internal processes.