By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

We see lots of phishing attempts for email, bank, PayPal, Credit card and other financial credentials. This one is slightly different than many others and much more involved and complicated, designed to make analysis and blocking by anti-phishing tools much harder. It pretends to be a message from American Express about an error on your account. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com >. That is why these scams and phishes work so well. We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers” All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Full details are posted on OUR FORUM.

Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. The security bug affects Chakra, the JavaScript engine powering Edge, in a way that could allow an attacker to run on the machine arbitrary code with the same privileges as the logged user. Reported by Bruno Keith of the phoenhex team of vulnerability researchers, the flaw has been marked as having a critical impact by Microsoft on most operating systems it affects. The only systems where it has 'moderate' severity are Windows server editions 2019 and 2016. The proof-of-concept code has 71 lines and results in an out-of-bounds (OOB) memory read leak; the effect may not appear that damaging but an attacker can modify the demo exploit to achieve a more harmful outcome. "Chakra failed to insert value compensation which causes the headSegmentsym to be reloaded but not the headSegmentLength sym, we, therefore, accessed the new buffer with the wrong length checked," explains a comment in the demo code. For more turn to OUR FORUM.

Everyone by now is familiar with the specific kind of partisan rage that manifests on Facebook, particularly with the kind of tailored memes meant to incite political outrage that finds a home on its platform. But according to a report from the Wall Street Journal, Facebook mulled a tool meant to facilitate greater tolerance among those with opposing political beliefs before it was reportedly stalled by Facebook’s Vice President of Global Public Policy Joel Kaplan. Citing sources familiar with the matter, the Journal reported Sunday that Kaplan, who memorably pissed off Facebook staff after supporting Brett Kavanaugh, objected to the so-called called “Common Ground” project over concerns that the endeavor would prompt allegations of political bias against conservatives. The project “involved several potential products meant to minimize toxic content and encourage more civil discussion,” per the Journal: The Wall Street Journal writes read more on our Forum

Chinese IT giant Huawei has reportedly found itself in the cross hairs of the Western intelligence network that is seeking to curb its growth. Speaking to Sputnik, academics explained their scepticism over the alleged security threat posed by Chinese high-tech companies.
"Scepticism is healthy and somewhat justified as it would not be the first time that national security interests have been used as a smokescreen for protectionism", Professor Peter Robertson of the University of Western Australia Business School told Sputnik, commenting on the "Five Eyes" intelligence-sharing network's reported incentive to contain China's high-tech giant Huawei.
The academic added that "it also wouldn't be surprising to find that there are commercial interests lobbying government in the US and elsewhere". read more on our Forum

Extortion emails are getting wilder and wilder. First, we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worldwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin. These emails started appearing this week and have a subject line similar to "Pretty significant material for you right here 17.12.2018 08:33:00". The content of the emails are written in poor English and grammar and state that the sender is the owner of a Dark Web site that offers different kinds of services for a fee. The email goes on to say that someone came to the site to hire a hitman to target the recipient for an "instant and pain-free" execution. The owner of the site, though, is willing to call the hitman off if they receive $4,000 in bitcoin. As an extra bonus, they will also "remove the hitman". The enclosed bitcoin address has not received any ransom payment and will most likely not due to its poor execution and threat of physical harm. If anything, similar to the bomb threats, these will just be reported to law enforcement. Once again, if you receive an email like the one above, this is a scam and you are not being targeted by a hitman. Instead you are being targeted by an extortionist who is looking to make a quick buck by trying to scare the living daylights out of you. For more follow the provided link.

Open-source startup Whitewater Foundry has unveiled WLinux Enterprise. WLinux Enterprise is the first product to support the industry-standard Red Hat Enterprise Linux on Windows Subsystem for Linux, allowing companies to integrate and deploy the most stable, secure, and reliable Linux distribution with Windows 10. WLinux Enterprise unleashes developers and IT staff productivity by giving them access to the Linux command line and development tools they need in today's cloud, hybrid, and cross-platform environments, including Git, OpenSSH, Node.js, Python, Go, Ruby, AWS and Azure cloud command-line tools, and more, directly on Windows 10, alongside existing Windows applications. WLinux Enterprise accomplishes this in a cost-effective and secure approach by deploying Linux on Windows devices companies already own within Windows networks they already have deployed, reducing the burden of managing a mixed OS environment and eliminating unsecure device usage. read more on our Forum

 

GTranslate