 The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser's address bar to check if the current page is served by a website secured using a TLS certificate. Users also look for after landing on a website is the "https" protocol designation in front of the hostname which is another hint of a domain being "secure" and the web traffic is encrypted. However, this exposes them to phishing campaigns designed by threat actors to use TLS-secure landing pages which exploit the users' trust to deceive them into trusting attacker-controlled sites and handing over sensitive personal information. "They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts, " as the FBI says in the PSA. "These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure." While in a lot of cases bad actors will get their own SSL certificates to secure pages used in their campaigns to try and trick their targets, there is also a lot of them who just abuse pages hosted on cloud services which automatically inherit the certificates. For instance, during the last two months, crooks have been observed while hosting malware and command-and-control servers on Microsoft’s Azure cloud services as well as websites used to deliver tech support scams. Get better informed by visiting OUR FORUM.  VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLan non-profit organization states that this was due to their inclusion in the EU-FOSSA bug bounty program. Last year, the European Commission announced that they were expanding their Free and Open Source Software Audit (FOSSA) project to support bug bounty programs for free and open source programs that they use. As VLC Media Player is one of the products used by the EU Commission, it was added to a bug bounty program at HackerOne where they are sponsored by EU-FOSSA. Jean-Baptiste Kempf, the President of VideoLan and one of the lead developers of the VLC Media Player, says that VLC 3.0.7 has the most security fixes than any other version of their program. "We just released VLC 3.0.7, a minor update of VLC branch 3.0.x," Kempf stated in a blog post. "This release is a bit special because it has more security issues fixed than any other version of VLC." As VideoLan is a non-profit organization offering free software, being able to afford a bug bounty program that can attract security experts is not an easy task. Being sponsored, though, by EU-FOSSA who will pay up to €60,000 in bounties for reported VLC vulnerabilities appears to have created a much greater for security researchers to analyze the program. We have more posted on OUR FORUM.  One would be forgiven for thinking Microsoft just announced a $6000 computer and $1000 stand, as the company’s share price has surged 7% in the last 5 sessions according to Bloomberg, hitting its higher ever valuation in intra-day trades, and closing at above a $1 trillion valuation for the second time ever. Over the same period, Alphabet fell 3.5% and Facebook lost 2.9%. While Apple rose 9%, this was 18.2% below their Oct. 3, 2018, record high. Microsoft is now worth more than $100 billion more than their nearest rival. As has become common, the results are speculated to be due to Microsoft’s limited involvement in the current hostile regulatory environment surrounding large tech companies and also their heavy involvement with enterprise services, which are less liable to be affected by economic downturns. “Management noted Microsoft is better positioned than ever to maintain wallet share of customers through an economic downturn, given the broader budget exposure beyond IT,” Piper Jaffray analyst Alex J. Zukin wrote in a June 5 note. “However, they indicated they were not seeing any signs of an economic slowdown nor any weakness in the economy.” Currently, 36 analysts have a buy rating for Microsoft with an average price target of $143 (7% up from the current close of $131.40), while one rate as hold and 2 recommend selling. “We continue to have a ‘buy it and forget it’ mentality on the stock right now as the company appears to be in midst of secular fundamental growth,” Zukin wrote. Continue following this by visiting OUR FORUM on a regular basis. |
Latest Articles
|