We see lots of phishing attempts for email, bank, PayPal, credit card and other financial credentials. This one is slightly different from many others: it is much more involved and complicated, and is designed to make analysis and blocking by anti-phishing tools much harder. It pretends to be a message from American Express about an error on your account. The senders use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers.

Remember that many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com>. That is why these scams and phishes work so well. We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”. All of these emails use social engineering tricks to persuade you to open the attachments that come with the email, whether it is a message saying “look at this picture of me I took last night” that appears to come from a friend, or one more targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Full details are posted on OUR FORUM.

Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher who discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines.

The security bug affects Chakra, the JavaScript engine powering Edge, in a way that could allow an attacker to run arbitrary code on the machine with the same privileges as the logged-in user. Reported by Bruno Keith of the phoenhex team of vulnerability researchers, the flaw has been marked by Microsoft as having a critical impact on most operating systems it affects. The only systems where it has 'moderate' severity are Windows Server editions 2019 and 2016. The proof-of-concept code has 71 lines and results in an out-of-bounds (OOB) memory read leak; the effect may not appear that damaging, but an attacker can modify the demo exploit to achieve a more harmful outcome. "Chakra failed to insert value compensation which causes the headSegmentsym to be reloaded but not the headSegmentLength sym, we, therefore, accessed the new buffer with the wrong length checked," explains a comment in the demo code. For more, turn to OUR FORUM.

Everyone by now is familiar with the specific kind of partisan rage that manifests on Facebook, particularly with the kind of tailored memes meant to incite political outrage that find a home on its platform. But according to a report from the Wall Street Journal, Facebook mulled a tool meant to facilitate greater tolerance among those with opposing political beliefs before it was reportedly stalled by Facebook’s Vice President of Global Public Policy Joel Kaplan. Citing sources familiar with the matter, the Journal reported Sunday that Kaplan, who memorably pissed off Facebook staff after supporting Brett Kavanaugh, objected to the so-called “Common Ground” project over concerns that the endeavor would prompt allegations of political bias against conservatives. The project “involved several potential products meant to minimize toxic content and encourage more civil discussion,” per the Journal: The Wall Street Journal writes

Read more on our Forum.


