A Risky Trade-off: User Experience vs. Cybersecurity

Still recovering from the long holiday weekend? Get current on the interesting headlines in cybersecurity in just 5 minutes:

  • Google’s top-level domains open doors to new attack vectors
  • Warnings from Microsoft’s Threat Intelligence Report
  • And alerts for PyPI and KeePass users


New Google Top-Level Domains

Google Registry has recently introduced eight new top-level domains (TLDs) to add excitement, self-expression, and creativity to your web experience, and more likely stress for cybersecurity teams, too. Examples of the new top-level domains include .dad; domains that reflect your credentials, like .prof or .phd; techie domains, such as .foo; plus some troublesome additions, including .zip and .mov. The .zip and .mov domains in particular are prompting concern in the cybersecurity community about internet security and new attack vectors, specifically sly phishing campaigns, malware installations, or other malicious activities. Because the new domains are already approved and available for use, internet services and mobile apps will be forced to treat text snippets such as “test.zip” and “test.mov” like proper URLs and open them in a web browser. Reportedly, cybercriminals have already started to exploit the new top-level domains, creating a now-defunct phishing page at microsoft-office(dot)zip.

Weigh-in: Is Google prioritizing creativity over cybersecurity? Should Google be more cautious, given today’s complex threat landscape?


Microsoft Threat Intelligence Report Warnings

Microsoft is warning businesses about new tactics scammers are using to up their phishing game.

According to Microsoft’s new threat intelligence report, business email compromise attacks are rising. Microsoft’s Threat Intelligence Digital Crimes Unit detected 35 million business email compromise attempts between April 2022 and April 2023, which amounts to an average of 156,000 attacks per day. The most common type of phishing email is a lure or an attempt to get the recipient to perform a simple task, accounting for 62% of business phishing emails.

And hackers are getting more sophisticated in their tactics, too. Specifically, hackers are now purchasing residential IP addresses close to the businesses they’re targeting to avoid impossible travel flags. Impossible travel flags identify potentially suspicious activity, such as when a user connects from two different geographical locations at two different times and the trip between them couldn’t have been accomplished in that time through normal air travel. However, hackers can get around that flag by using a localized IP address.
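The impossible travel check described above, sketched as an added example (not code from the article or from Microsoft's report). The speed threshold, field names, users and coordinates are constructed assumptions; the sample shows the check flagging a distant login while a login geolocated near the office passes.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumed threshold: roughly airliner cruise speed
EARTH_RADIUS_KM = 6371.0

@dataclass(frozen=True)
class Login:                      # hypothetical record: one geolocated sign-in
    user: str
    when: datetime
    lat: float
    lon: float
    label: str

def distance_km(a, b):
    """Great-circle (haversine) distance between two geolocated logins."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH):
    """Return (previous, current, km/h) for consecutive per-user logins above the threshold."""
    flagged, last_seen = [], {}
    for cur in sorted(logins, key=lambda e: e.when):
        prev = last_seen.get(cur.user)
        last_seen[cur.user] = cur
        if prev is None:
            continue
        hours = (cur.when - prev.when).total_seconds() / 3600
        km = distance_km(prev, cur)
        # Same-instant logins from different places count as infinite speed.
        speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
        if speed > max_speed_kmh:
            flagged.append((prev.label, cur.label, round(speed)))
    return flagged

# Constructed sample sign-ins, one hour apart for each user.
SAMPLE = [
    Login("alice", datetime(2023, 5, 22, 9, 0), 39.74, -104.99, "office-denver"),
    Login("alice", datetime(2023, 5, 22, 10, 0), 6.52, 3.38, "remote-lagos"),
    Login("bob", datetime(2023, 5, 22, 9, 0), 39.74, -104.99, "office-denver"),
    Login("bob", datetime(2023, 5, 22, 10, 0), 40.01, -105.27, "residential-boulder"),
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"impossible travel: {prev} -> {cur} at ~{kmh} km/h")
```

Only the first pair is reported: the second sign-in for "bob" implies a speed of a few dozen km/h, so a speed check alone has nothing to flag.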

Weigh-in: Are impossible travel flags becoming an obsolete security measure against sophisticated hackers? Should organizations adopt more robust authentication methods to counter the exploitation of localized IP addresses?


PyPI User Alert

The default software registry for Python developers has temporarily suspended new users from signing up and new projects from being uploaded to the platform. The unexpected shutdown comes from an influx of malicious users and packages, which has outpaced PyPI’s ability to respond. Per company authorities, the freeze prevents threat actors from potentially using the PyPI platform to distribute malware and is a proactive move until a more permanent solution can be found. PyPI experienced problems earlier this year with malicious code in some of their packages, including the Color-Blind malware and info-stealer trojans. PyPI says the temporary pause is unlikely to impact existing maintainers of Python packages available on the registry from publishing newer versions of their artifacts.


KeePass User Alert

For those using open source password manager KeePass, a new vulnerability was discovered that allows attackers to extract the master password directly from the software’s memory. Vulcan Cyber researchers said the vulnerability presents an exploitable loophole that compromises the primary key to unlock the user’s password database. KeePass plans to issue a patch by early June.


Got comments to share from today's stories? We want to hear from you! Drop them below.


All information is current as of May 22, 2023. Subscribe to receive future episodes as they are released or visit CyberGRX.com for additional risk management content.

#threatintelligence #cyberrisk #cybersecurity #riskmanagement
