Advanced Web Hacking | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes researchers said in a Thursday analysis . "Sometimes the characters are from a different language set or simply capitalizing the letter 'i' to make it appear like a lowercase 'l'." Called an internationalized domain name (IDN) homograph attack , the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file . The visual trickery typically involves leveraging the similarities of character scripts to create and register fraudulent domains of existing ones to deceive unsuspecting users into...

Are you looking to master web hacking? Interested in a bug-hunting career? Do you want to land a job in cybersecurity? Are you already working as a security engineer, but want to further advance or refine your skills? If yes, read on. ZDResearch Advanced Web Hacking (AWH) course, including optional certification upon completion—is the answer. Last week, we sat with the ZDResearch training team and asked them a few questions to learn more about their "Advanced Web Hacking" course and understand how it could be a better choice for you. Can you tell us a little about ZDResearch? ZDResearch is a cybersecurity firm with more than 6 years of experience, having some of the world's top hackers and security researchers committed to engineering engaging and approachable courses to the most technical of topics. In the ZDResearch Advanced Web Hacking Course, the greenhorn, the novice, or the pro will benefit. Those selected to work for ZDResearch, and its department de...