Internet url – Past Torrent
http://pasttorrent.com/
Tue, 14 Jun 2022 09:45:58 +0000

Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns
https://pasttorrent.com/cybercriminals-use-reverse-tunneling-and-url-shorteners-to-launch-virtually-undetectable-phishing-campaigns/
Mon, 13 Jun 2022 14:44:00 +0000

A new hacking technique allows threat actors to evade some of the most effective phishing countermeasures

A new way of conducting phishing attacks is being embraced by criminal groups – and it could make threat actors virtually undetectable, security researchers warn.

The technique involves using “reverse tunneling” services and URL shorteners to launch large-scale phishing attacks. Moreover, the groups using these techniques leave no trace.

Instead, hackers can use their local machines to host phishing pages on random URLs. These can help evade detection by URL analysis services. Groups can then hide their identity further using URL shortening services.

At the bottom of the hole

Attackers are not exploiting a vulnerability in the technical sense. Instead, they abuse legitimate out-of-the-box services to circumvent anti-phishing measures. Services associated with the technique include bit.ly, Ngrok, and Cloudflare’s Argo Tunnel.

The attack was detected by security researchers from CloudSEK, who discovered that the method was used to target customers of Indian banks.

Here, phishing attacks attempted to trick customers into handing over their bank details, Aadhaar (Indian national identity) number and other sensitive information.

“We discovered this when we were monitoring the internet for assets, impersonations and data related to our customers,” Darshit Ashara, principal threat researcher at CloudSEK, told The Daily Swig.

“During our regular research, we began noticing patterns of abuse of several reverse tunneling services.”

Although CloudSEK has detected phishing attempts against Indian bank customers, the technique has also been used in the US, UK and Europe.

“Reverse tunnel attacks have become quite common these days,” Ashara added. “The modus operandi of threat actors using reverse tunneling includes sending SMS spam with shortened phishing URLs using popular URL shortening services.

“We have observed this technique being used to target most major brands and organizations.”

The reverse tunneling and URL shortening attack in action (Image: CloudSEK)

Hiding in the shadows

Reverse tunnels allow criminal groups to evade some of the most effective countermeasures.

One of the ways phishing groups are caught is their reliance on hosting providers and their use of domains that CloudSEK says “impersonate targeted businesses or keywords.”

Even when there isn’t enough evidence for law enforcement to go after phishing groups, hosts will remove spoofed domains.

Using domains with “random or generic” keywords offers some protection to attackers, as they cannot be flagged for trademark infringement. But cybercriminals can use reverse tunnels to completely bypass hosting by storing phishing binaries on nothing more than a local PC.

Adding a URL shortener on top makes it even harder to trace the attack and can make victims more likely to fall for scams. Add to that the fact that most reverse tunnel URLs are temporary – typically only running for 24 hours – and attribution and prosecution become even more difficult.

Improved Monitoring

CloudSEK calls for better monitoring of reverse tunnel services. Ngrok, for example, now requires its users to disclose their IP addresses and register before hosting HTML content, while Cloudflare requires users to create an account.

URL shorteners are more difficult to monitor because there is no actual malicious activity: they simply redirect users to a website. CloudSEK admits, however, that attack discovery depends on third-party monitoring.

Targeted companies may then have to rely on user education to combat this attack vector.

“In fact, this is another channel for phishing attacks – the main difference is attribution,” said Chris Preece, head of cyber operations at digital risk management consultancy Protection Group International.

“If a domain is registered with a host, they can respond to complaints and take down a website, but with reverse tunnels, the reverse tunnel provider has no responsibility for that, which means they are potentially harder to remove. Combine this with a URL shortener, it can be very effective.

“This is going to sound cliché, but the advice we have is to double down on phishing awareness to reduce the likelihood of someone clicking on a malicious link.”

The Dynamic Web Security Duo
https://pasttorrent.com/the-dynamic-web-security-duo/
Thu, 09 Jun 2022 08:23:51 +0000

Malicious actors have been around since the inception of the Internet. The need to improve your cybersecurity plan has become a new reality in the aftermath of the pandemic, with the majority of businesses transitioning to a hybrid work-from-home model.

Phishing attacks increased by 220% during the pandemic as hackers exploited insecure remote access vulnerabilities. This poses a serious threat to your organization and critical assets. Other attacks that have begun to plague IT professionals are man-in-the-middle attacks, when remote workers connect from an unsecured Wi-Fi connection at their local Starbucks or from an airport lounge.

An employee connecting to a site containing harmful content such as gambling may inadvertently open a backdoor to a malicious actor.

This is why URL filtering and DNS filtering solutions are among the most popular content filtering methods that help maintain network security and reduce security risks. These services evaluate site content and assign a risk score based on site user traffic, domain page threat history, geolocation, associated networks, internal and external links, and other contextual trends.

There remains a debate about which works best between DNS and URL filtering to secure your online environment. The combination of both options is the most ideal method to fight against online cyber threats. The two work together to provide essential security features against harmful sites and content.

These services assess online sites and assign a risk score based on site user traffic, domain page threat history, viewing age, geolocation, related networks, internal and external links, as well as other contextual tendencies.

Let’s take a closer look at URL and DNS filtering.

Defend against web threats with URL filtering

URL filtering is used to identify and block harmful websites to improve network security and protect employees from potential attacks.

URL filters classify sites according to topics and allow or deny a user access to them. These sites usually include games, shopping, adult content, malware, social media and other high-risk unwanted websites that could threaten your private networks.

URL filtering helps improve employee productivity because you control which sites can and should be visited during working hours.

How does the URL Filtering Service maintain network protection?

The simplest explanation of how URL filtering works is to compare the site the user wants to visit against a list of sites that have been restricted or allowed to be used by the company. If the site the user wants to visit is blocked, the filtering system will redirect him to a similar site containing what he needs.

All websites in the database belong to a specific URL category, also called a URL filter. This allows organizations to group certain types of websites while assigning specific actions to each category, such as blocking or accepting the destination address based on its URL category.

The best way to use URL filters is to create a URL filtering profile and define site access based on URL category. You can choose to completely restrict access to the site or block certain site functionality based on its URL category. Once completed, the security policy will apply to all users by default.

URL filtering can be done using a cloud-based database, a local server, or a combination of both. A cloud-based server gives organizations information on the latest sites to block. A local database server stores a list of sites frequently visited by users and ensures maximum efficiency and minimum latency.

Block Domain-Level Threats with DNS Filtering

When a search query is entered into a browser, DNS translates the requested domain name into the site’s IP address and directs you to the desired site. While simple, this process does not protect you from malicious activity or malicious content online.

With DNS filtering features, the search process becomes more secure. The DNS lookup query redirects to a DNS resolver. The resolver filters the domain and compares it to the company’s blocklist and allowlist before taking action. If the domain is not listed in the block list or allow list, the DNS filter can perform real-time scanning of the website to check whether it is safe or unsafe for the organization.

DNS security filtering can block either the domain name or the IP address.

What are DNS servers?

DNS servers connect domain names to IP addresses to allow you to access the website you want. Without DNS servers, it would be impossible to access online sites.

Secure DNS servers can block malicious websites and help users protect their personal information. DNS encryption protects your personal data from theft, a big concern for IT as the shift to remote working is here to stay.

URL filtering and DNS filtering? What’s best for you?

DNS protection and URL filtering each have their strengths in security management. When used correctly, they can both create a strong barrier between your organization and unwanted online content, prevent data breaches, and secure third parties on the other side of the globe with just a few clicks.

But which is the better of the two options? Here is a side-by-side comparison chart.

| | DNS Filtering | URL filtering |
|---|---|---|
| Granularity | Network-level rules based on DNS lookup queries | Access policy based on users and groups |
| Malware Protection | Blocks DNS queries to malicious domains | Anti-malware engine that inspects all traffic |
| Execution point | Perimeter 81 network; requires agent login | Agent-level enforcement even when not logged in |
| DNS over HTTPS | No DNS inspection capability over HTTPS | Can inspect DNS over HTTPS |

In conclusion, DNS and URL filtering features work hand in hand to improve an organization’s security posture. A secure web gateway offers URL filtering with additional layers of security to prevent malware and enforce company policies.

DNS filtering provides surface control against malicious content and all types of online attacks by blocking the domain before the user can access it. As the threat surface continues to grow, organizations will face new challenges.

Take security measures in advance. Protect your employees and company assets from web threats with Perimeter 81.

Sponsored by: Perimeter 81

Most important differences and complete form
https://pasttorrent.com/most-important-differences-and-complete-form/
Thu, 02 Jun 2022 13:03:12 +0000

URL versus URI: Most people think that a URL (Uniform Resource Locator) is the same as a URI (Uniform Resource Identifier). Although they are both used to identify resources on the web, there are important differences between the two. In this article, we’ll explore what those differences are so you can better understand how to use them.

URL vs URI: the basics

When it comes to the Internet, many terms are used. Two of these terms are URL and URI. Although they may look similar, they actually have different meanings. Here we are going to take a look at the difference between a URL and a URI so that you can better understand how the internet works.

A URL is a Uniform Resource Locator. This is the address of a specific resource on the Internet. It will tell you where to find something and how to access it. A URI, on the other hand, is a uniform resource identifier. This is used to identify a resource, but it doesn’t tell you how to access it.

Now that you know the difference between a URL and a URI, you can start using them correctly. When you search for something on the Internet, be sure to use a URL so that you can access it directly. If you just need to identify a resource, you can use a URI.

What is a URL?

A URL is a Uniform Resource Locator and is used to identify resources on the Internet. A URL is made up of several parts, including a protocol, a domain name, and a path. The protocol specifies how information is retrieved from the resource, while the domain name specifies where the resource is located. The path provides a specific location for the resource in the domain.

What is a URI?

A URI is a unique identifier for a resource on the Internet. It can be a website, an image, a file or any other element accessible online. A URI is made up of a number of components, including a scheme (e.g. http), a hostname (e.g. www.example.com), and a path (e.g. /images/logo.png).

A URL is simply a specific type of URI that identifies resources using a uniform resource locator (URL). A URL contains all the information needed to locate and access a resource on the Internet. In addition to the scheme, hostname, and path components, a URL can also contain other information such as a port number, query string, and fragment identifier.

The difference between URL and URI

Most people think of a URL as just a web address. However, there is actually a difference between a URL and a URI. A URL is simply a formatted string that identifies the location of a resource. A URI, on the other hand, is a more generic term that can be used to identify any kind of resource, whether it’s on the web or not.

Here are some of the most important differences between URLs and URIs:

· A URL must always be absolute, that is, it must specify all the components necessary to access the resource. A URI does not need to be absolute and can be relative.

· A URL can only be used to identify resources located on the Web. A URI can be used to identify resources located anywhere, including on the web, in a database, or in a file system.

· A URL must always include a protocol identifier (such as http:// or ftp://). A URI need not include a protocol identifier.

· A URL must always include a host name (such as www.example.com). A URI does not need to include a hostname.

When to use a URL vs URI

There are a few key differences between URLs and URIs that you should be aware of when deciding which one to use for your next project. A URL is simply a Uniform Resource Locator, while a URI is a Uniform Resource Identifier. The main difference between the two is that a URL points to a specific resource, while a URI can point to a specific resource or just identify the resource in general.

When deciding whether to use a URL or URI, you must first think about what you want the identifier to do. If you need to point to a specific resource, you must use a URL. However, if you just need to identify the resource without specifying its location, you can use a URI.

Keep in mind that URLs and URIs can be used for web pages, but URIs can also be used for other resources such as email addresses, files, databases, etc. So if you don’t know which one to use, it’s probably best to use a URI.

How to choose the right one for your project

When working on a web project, it is important to choose the right type of URL or URI for your needs. URLs and URIs are useful for different purposes, so it is important to understand the difference between them.

URLs, or Uniform Resource Locators, are what you typically think of when you think of a web address. They are used to specify the location of a resource on the Internet and can be used to access that resource.

URIs, or Uniform Resource Identifiers, are used to identify a resource. They don’t necessarily specify the location of the resource, but they do provide a way to uniquely identify it.

So which one should you use for your project? It depends on what you need. If you need to specify the location of a resource, you will need to use a URL. If you just need to identify a resource, then a URI will suffice.

Conclusion

The most important difference between URL and URI is that a URL is a subset of URI that specifies where a resource is located. A URI can be used to identify any type of resource, while a URL specifically identifies a web page or other Internet resource.

Week in Review: Exploiting F5 BIG-IP RCE, URL Spoofing Flaws in Zoom, Google Docs
https://pasttorrent.com/week-in-review-exploiting-f5-big-ip-rce-url-spoofing-flaws-in-zoom-google-docs/
Sun, 15 May 2022 08:30:34 +0000

Here’s a look at some of the most interesting news, articles and interviews from the past week:

Microsoft fixes Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day vulnerability under active attack (CVE-2022-26925) and two publicly known vulnerabilities (CVE-2022-29972 and CVE-2022-22713).

Attackers attempt to exploit critical F5 BIG-IP RCE
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP general purpose network devices/modules.

Researchers find URL spoofing flaws in Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom, and Google Docs that would allow phishers to link to malicious content and make it appear to be hosted by an organization’s SaaS account.

Critical Flaw in Zyxel Firewalls Allows Access to Corporate Networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly disclosed, along with a Metasploit module that exploits it.

Data centers on steel wheels: can we trust the safety of rail infrastructure?
In this interview for Help Net Security, Dimitri van Zantvliet Rozemeijer, CISO at Nederlandse Spoorwegen (Dutch Railways), talks about railway cybersecurity and the progress the industry has made in ensuring safety.

Google Drive emerges as the best app for malware downloads
Netskope published research which found that phishing downloads have seen a surge of 450% over the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to boost the rankings of malicious PDF files on popular search engines including Google and Bing.

The role of streaming machine learning in analyzing encrypted traffic
Organizations now create and move more data than at any other time in human history. Network traffic continues to increase and global Internet bandwidth increased by 29% in 2021, reaching 786 Tbps.

Password reuse is commonplace among Fortune 1000 employees
SpyCloud has released an annual analysis of identity exposure among employees of Fortune 1000 companies in key industries such as technology, finance, retail and telecommunications.

How to set up a powerful insider threat program
Security spending continues to focus on external threats despite threats often originating from within the organization. A recent Imperva report (by Forrester Research) found that only 18% of priority spending was dedicated to an insider threat program (ITP), compared to 25% focused on external threat intelligence.

Is this health app safe to use? A new framework aims to provide an answer
The American College of Physicians (ACP), the American Telemedicine Association (ATA), and ORCHA, the Organization for the Review of Healthcare Applications.

An offensive mindset is crucial for effective cyber defense
As ransomware attacks continue to rise and cybercriminals become more sophisticated, the federal government has implemented a more proactive approach to cybersecurity.

How to avoid headaches when posting a CVE
Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process that begins with identifying a zero-day and could end in fame and glory – if the discovery is big enough.

A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input from leaders from 37 companies and numerous U.S. government leaders, presented a 10-point plan to comprehensively address open source software supply chain security, securing open source security production, improving vulnerability discovery and remediation, and shortening ecosystem patch response time.

The SaaS-to-SaaS supply chain is a wild mess
The SaaS-to-SaaS supply chain continues to grow unhindered, without alerting security teams to new risks and connections created by non-human identities that cannot be resolved using traditional security controls designed for human-application interactions.

Funding Women-Led Cybersecurity Startups: Where Do We Stand?
In this video for Help Net Security, Lisa Xu, CEO of NopSec, talks about the cybersecurity funding landscape and its lack of diversity.

Hardware security threats are on the rise
In this video for Help Net Security, Jason Oberg, CTO at Tortuga Logic, talks about the growing threats to hardware security.

Ransomware works fast, you need to be faster to counter it
In this video for Help Net Security, Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct, talks about the threat of ransomware, the speed at which ransomware attacks happen, and offers advice on how to mitigate the associated risk.

Closing healthcare cybersecurity gaps between hospitals and manufacturers
In this video for Help Net Security, Christopher Gates, Director of Product Security at Velentium, discusses gaps in healthcare cybersecurity, as well as the FDA’s new premarket cybersecurity guidelines for medical device manufacturers and the Health Sector Coordinating Council model contract language.

Why are DDoS attacks so easy to launch and so hard to fight?
In this video for Help Net Security, Ivan Shefrin, Executive Director of Comcast Business, explains how businesses can monitor and mitigate DDoS attacks.

Welcome “Frappo” – Resecurity has identified a new Phishing-as-a-Service
The Resecurity HUNTER unit has identified a new underground service called “Frappo”, which is available on the Dark Web.

Download Guide: Assessing Third-Party Security Platforms
A comprehensive third-party security program can align your vendor security with your internal security controls and risk appetite. Such a program can also help you address risks if your suppliers fall short.

New infosec products of the week: May 13, 2022
Here’s a look at some of the hottest products from the past week, with releases from Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype.

Apple Music “The requested URL was not found on this server”
https://pasttorrent.com/apple-music-the-requested-url-was-not-found-on-this-server/
Thu, 12 May 2022 14:56:10 +0000

Apple Music is one of the most popular music streaming services in the world, competing with Deezer and Spotify. It also happens to have one of the largest music collections in the world, with over 75 million songs.

In 2020, it was available in 167 countries and generated $4.1 billion in revenue.

But as is the case with all online services, issues like Listen Now not working and showing “Error: We ran into a problem” and songs jumping to random places have ruined the user experience for many.

Adding to the problem, Apple Music users say they receive the error “The requested URL was not found on this server” when listening to their favorite music.

The issue seems to irritate many users as the error renders Apple Music unusable. Some have already tried restarting their app, clearing app data and reinstalling the app but to no avail.

Aggravating problems. I’ve supported iTunes since day one but it gets really aggravating when you add an album to a playlist and it adds it upside down, also downloads the music and plays it and you always get a “The requested URL was not found on this server.” in the middle of a song!!
(Source)

Apple Music problems. My Apple Music keeps telling me “missing url” or something like that all the time and it’s really annoying, I’m always connected to the internet and I have good service and wifi and my music stops always out of nowhere or won’t play at all to say. Can anyone help?
(Source)

Although the developers have not yet commented on the issue where Apple Music subscribers receive the error “The requested URL was not found on this server”, we have found workarounds that may help resolve the problem.

The first solution is to clear storage or make sure you have enough space for Apple Music to work normally. The second workaround requires users to turn off Wi-Fi and use mobile data to see if that helps.

Have you tried turning off Wi-Fi and using your data plan instead? Work for me.
(Source)

We hope the developers will look into the issue and fix it as soon as possible. If and when they do, we’ll update this space to reflect the same, so stay tuned for more information.

Thinx Celebrates Acquisition of “Wet Panties” URL in Periodic Care Ads
https://pasttorrent.com/thinx-celebrates-acquisition-of-wet-panties-url-in-periodic-care-ads/
Wed, 11 May 2022 12:43:57 +0000

Vintage underwear brand Thinx is pushing taboos in its marketing of a new line of super-absorbent pants after buying the moistpanties.com URL.

The bold play saw the brand rescue two of the English language’s most visceral words from web domain purgatory by placing them at the center of an outdoor (OOH), social, and web campaign that has previously been blocked by modest outreach television.

Pushing the boundaries of supposed public decency and decorum, the taboo-busting campaign shatters language barriers as it drags the hated phrase from the darkest regions of the internet into the cold light of day.

Designed by Mischief @ No Fixed Address, the lightweight campaign promotes the benefits of breathable micromesh clothing through messages that are impossible to ignore.

Bianca Guimaraes, Partner and Executive Creative Director of Mischief, mastermind of Thinx’s award-winning MENstruation campaign, said, “Thinx has a long history of shifting perspective when it comes to topics that society still labels as taboo. We wanted to normalize something that happens to people every second of every day, but is still not talked about – largely because we cringe when we hear those two words. Wet panties are coming. But wet panties don’t have to happen with Thinx.”

Crystal Zerrenner, Chief Growth Officer at Thinx, added: “Wet panties at all times – on and off your period – are a daily occurrence. We’re proud to launch another bold program that shines a light on women’s natural hydration every day and offers sustainable solutions to keep them cool and dry. After all, thanks to vintage Thinx moisture-wicking underwear, ‘wet panties’ no longer exist.”

The campaign was born out of a survey that found that 66% of Americans recoiled from the word “wet”, while more than half (52%) were uncomfortable with the word “panties”, which prompted Thinx to chain the two together for maximum impact.

The approach contrasts with an altogether more soothing campaign last year, which focused on ASMR sounds to sell the tight underwear.

Researchers find URL spoofing flaws in Zoom, Box, Google Docs
https://pasttorrent.com/researchers-find-url-spoofing-flaws-in-zoom-box-google-docs/
Wed, 11 May 2022 07:00:00 +0000

Researchers have discovered several URL spoofing bugs in Box, Zoom, and Google Docs that would allow phishers to link to malicious content and make it appear to be hosted by an organization’s SaaS account.

Many attacks are made possible

The vulnerabilities result from a lack of validation of so-called vanity URLs, and they allow attackers with their own SaaS accounts to modify the URL of pages hosting malicious files, forms, and landing pages, in order to maximize their potential to mislead users.

“These spoofed URLs can be used for phishing campaigns, social engineering attacks, reputation attacks, and malware distribution,” Varonis researchers noted.

“Most people are more likely to trust a link on varonis.box.com than a generic app.box.com link. However, if someone can spoof that subdomain, trusting the vanity URL can backfire.”

The researchers demonstrated the exploitability of these flaws by:

  • Hosting a malicious PDF and phishing form on their test Box account, then creating public file sharing and file request URLs and changing the subdomain in those (and the links kept working!)
  • Creating malicious registration pages, employee login pages, and pages hosting meeting recordings, and making their URL and even branding reflect that of a popular brand (Apple)
  • Creating Google Forms and documents (the latter being shared via the “publish to web” option) impersonating a specific company/brand
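The missing check described above can be shown with a simplified model of a share-link endpoint. This is an added example, not code from Box, Zoom, Google or Varonis; the service domain, tenant table, share table and function names are all hypothetical.

```python
# Added example: simplified model of a SaaS share-link endpoint.
# All names (SHARES, TENANT_SUBDOMAINS, resolve_*) are hypothetical.
from urllib.parse import urlsplit

BASE_DOMAIN = "saas.example"           # constructed service domain
GENERIC_HOSTS = {"app.saas.example"}   # generic, unbranded host
TENANT_SUBDOMAINS = {"acme": "tenant-1", "attacker-co": "tenant-2"}
SHARES = {"s/abc123": "tenant-2"}      # share path -> owning tenant (constructed)

def _parse(url):
    """Return (lowercased host, path without leading slash)."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.lstrip("/")

def resolve_unvalidated(url):
    """Flawed: serves any share under any subdomain of the service."""
    host, path = _parse(url)
    if host.endswith("." + BASE_DOMAIN) and path in SHARES:
        return 200
    return 404

def resolve_validated(url):
    """Hardened: a vanity host only serves shares owned by that tenant."""
    host, path = _parse(url)
    owner = SHARES.get(path)
    if owner is None or not host.endswith("." + BASE_DOMAIN):
        return 404
    if host in GENERIC_HOSTS:
        return 200  # the generic host makes no claim about ownership
    vanity = host[: -len("." + BASE_DOMAIN)]
    return 200 if TENANT_SUBDOMAINS.get(vanity) == owner else 404

if __name__ == "__main__":
    link = "https://acme.saas.example/s/abc123"  # tenant-2 share, acme branding
    print("unvalidated:", resolve_unvalidated(link))
    print("validated:  ", resolve_validated(link))
```

With the ownership check in place, the same share still opens on its owner's vanity host and on the generic host, but no longer under another tenant's subdomain.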

Mitigation

URL spoofing vulnerabilities have already been patched by Box, but not all have been mitigated in Zoom and Google Docs.

“We can still reproduce the Google Docs and Google Forms bug. We can reproduce the Zoom webinar registration and recording under certain circumstances, but the user receives a warning message in all cases,” the Varonis research team told Help Net Security.

“We are still in communication with Google and Zoom in case they need more details, but we have not been informed if they plan to make any additional fixes.”

Since vanity URLs exist in many different SaaS applications, they advise organizations to educate employees about the risk of blindly trusting links that include the organization’s subdomain or that of a popular brand, and to be careful when asked to submit sensitive information through forms – even if those forms appear to be hosted by their company’s sanctioned SaaS accounts.

]]>
Brave browser address or URL bar disappears when new tab is opened https://pasttorrent.com/brave-browser-address-or-url-bar-disappears-when-new-tab-is-opened/ Mon, 09 May 2022 07:00:00 +0000

Brave is a Chromium-based browser developed by Brave Software Inc. Available on almost all operating systems, it was first released in November 2019.

With a focus on privacy and offering a built-in ad blocker, millions of people use Brave every day. Users can also choose to watch ads and earn Basic Attention Tokens cryptocurrency.

Although the app is quite stable, many users have recently complained about issues such as the inability to drag and rearrange tabs after the v1.34.80 update and the April 2022 ad payout giving out incorrect BAT tokens.

That said, recent reports from Android users who updated to Brave v1.38.109 suggest that their URL or address bar disappears every time they open a new tab.

Many say the bug makes it impossible to enter a URL in the newly opened tab and prevents them from tapping the Brave icon.

Since update 1.38.109, I keep losing the address bar if I open a new tab. The “+ New Tab” stays on top and I can’t enter any URLs or tap the Brave icon. I cleared the cache and made sure the app is terminated for a clean start, still no difference. I’m not going to uninstall because everything worked with the previous version and I don’t want to lose my configuration.
(Source)

Hi, Same here in France with this bull**it version, totally invisible address bar, not selectable either. In my case, the problem is permanent, I tried hard rebooting but nothing solved the problem. This is clearly a bug that only an application restore can fix. I’m using android 11 on oneplus 6. Brave is no longer usable because I can’t type search on new tabs, can’t copy open tabs url etc. I confirm that if I hold my finger on the screen to swipe left or right but don’t release my finger, I can see the URL bar, so the control exists but is hidden.
(Source)

Although the developers of Brave have not yet acknowledged the problem of the address bar disappearing on Android when opening a new tab, we have found a workaround that may help solve the problem.

Users need to change the “Grid tab switcher for tablets” setting to Default to restore the address bar.

As mentioned in the forum thread, setting “Grid tab switcher for tablet” to “Default” seems to fix the problem, which means the bug is related to #22028
(Source)

As always, we’ll be keeping an eye out for further developments and updating this space when the developers fix the issue, so be sure to keep checking PiunikaWeb for more information.

]]>
Explanation: what is typosquatting? Tips to prevent URL hijacking https://pasttorrent.com/explanation-what-is-typosquatting-tips-to-prevent-url-hijacking/ Thu, 05 May 2022 14:03:47 +0000

India | oi-Prakash KL | Posted: Thursday May 5th 2022, 07:33 PM [IST]

Cybercriminals trick people into clicking on websites that look a lot like the real websites you wanted to visit.

Have you ever made a small spelling mistake while typing URLs and landed on strange websites? Or clicked on a link that appeared to be a legitimate website, but upon clicking you found out it was a fake site? This technique for luring people onto a malicious site is called typosquatting.

A small mistake on the internet could prove costly these days, as internet data usage has increased more than sevenfold in the past few years. There are times when people type URLs without paying attention. For example, if you type www.gooogle.com instead of www.google.com, you will end up in the wrong place, where there is a high chance that your system will be attacked or your sensitive information will be stolen.

Often, cybercriminals trick people into clicking on websites that look a lot like the real websites they wanted to visit. Without realizing they are on the wrong site, people may type in their login ID and password, which hackers can then use to steal their sensitive information.

Imagine that you have entered your credit card details on the malicious site: this information could be used to steal your money or the money on your card.

How does this work?
Cybercriminals first register the domain names of misspelled URLs. They will reserve several domains that have a high chance of being misspelled. If the original website is www.buyshoesfree.com, they try to reserve domains like www.buyfreeshoes.com, www.buyshoefree.com, www.buy-shoes-free.com, etc.

Attackers can also target you by sending links to bad websites in emails and text messages. When an unsuspecting user clicks on the link, their system is hacked.

Common forms of typosquatting:
Typos, misspellings, alternate spellings, wrong domain extension, combosquatting and similar domains.

Tips to protect yourself from typosquatting

Never click on an unknown link on social media sites.

Check domain names before clicking on them. Check whether the domain is missing a letter or contains extra words, incorrect spelling, etc.

For added security, always bookmark websites that you visit frequently.

Never click on links in unexpected emails, text messages or chat messages.

If in doubt about the real domain of the website, go to a trusted search engine and search for the website to access it.

Use voice recognition software to access popular URLs.

Last but not least, it is advisable to have genuine antivirus software that always protects your system from such attacks.

Article first published: Thursday, May 5, 2022, 7:33 p.m. [IST]

]]>
URL hijacking: Explained: what is typosquatting or URL hijacking and how to protect against it https://pasttorrent.com/url-hijacking-explained-what-is-typosquatting-or-url-hijacking-and-how-to-protect-against-it/ Mon, 02 May 2022 15:56:00 +0000
Typosquatting is a type of cyberattack where hackers try to trick internet users with a fake website that has a URL similar to the real one, with a “typo” or error in the address. Users who type in a web address without paying attention to what they are typing are potential victims of such an attack, as they are tricked into visiting a malicious website. They can also reach these websites through phishing links sent to them.
In such an attack, when the user lands on a malicious site, the hackers have different ways to cause harm. They could steal your banking credentials or generate revenue, as these bogus sites can be landing pages for various forms of advertisements. Businesses can also be affected by URL hijacking because they lose customers that way.
Typosquatting is also known by other names like URL hijacking, fake URLs, domain mimicry, or sting sites.
Cybercriminals begin by purchasing and registering a domain name that is a misspelling of the address of an e-commerce site, bank or other popular or important site. They may also opt for multiple domain names to increase their chances of scamming unsuspecting people. Then, they design the web page elements of the fake website to mimic the real website so that customers won’t find anything fishy when they accidentally access it.
For example, the actual website URL could be shopbooksonline.com. A typosquatted variant of the same could be shop-books-online.com or shopbooks-online.com or shpbooksonline.com or shopbooksnline.com. Another example could be google.mailpk.com (fake) when all you want to do is go to google.com.
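The lookalike patterns listed in both typosquatting explainers above (typos, hyphenation, reordered words, wrong extension, brand used as a subdomain, combosquatting) can be checked mechanically before a link is trusted. The following is an added example, not code from either article; the protected-domain list reuses the articles' sample domains, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
# Added example: classify a hostname against a list of protected domains.
# Assumption: the registrable domain is the last two labels (no public-suffix
# list), which is enough for the .com examples used in these articles.
PROTECTED = ["google.com", "buyshoesfree.com", "shopbooksonline.com"]

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return 'legitimate', 'no-match', or '<technique>:<protected domain>'."""
    labels = host.lower().rstrip(".").split(".")
    if labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        return "no-match"
    if ".".join(labels[-2:]) in PROTECTED:
        return "legitimate"
    name, tld = labels[-2], labels[-1]
    for good in PROTECTED:
        brand, good_tld = good.split(".")
        if brand in labels[:-2]:
            return "brand-in-subdomain:" + good
        if name == brand and tld != good_tld:
            return "wrong-tld:" + good
        if name.replace("-", "") == brand:
            return "hyphenation:" + good
        if edit_distance(name, brand) <= 1:
            return "typo:" + good
        if sorted(name) == sorted(brand):
            return "reordered:" + good
        if brand in name:
            return "combosquat:" + good
    return "no-match"

if __name__ == "__main__":
    for h in ["www.gooogle.com", "www.buyfreeshoes.com", "shop-books-online.com",
              "shpbooksonline.com", "google.mailpk.com", "www.google.com"]:
        print(f"{h:28} {classify(h)}")
```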
How to protect yourself from Typosquatting or URL hijacking

  • Be very careful when clicking on links that are part of unknown/suspicious emails, online chats, text messages, etc.

  • Do not click on any links on social media or unknown websites if something seems out of place.

  • Check the link URL of the website you are about to click on by hovering your mouse over it. Check for typos there.

  • Bookmark your frequently visited sites to avoid typing the URL every time.

  • Do not open attachments from emails from unverified sources.

  • If you need to type an address, first go to a trusted search engine and enter the website address there. Do not type directly into the address bar.

  • If you think you have somehow landed on a fake website (assuming you realized it before entering sensitive details there), immediately close the browser.
  • Invest in a paid antivirus solution for your devices to minimize the risk of such cyberattacks.

]]>