anti-phishing techniques | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes researchers said in a Thursday analysis . "Sometimes the characters are from a different language set or simply capitalizing the letter 'i' to make it appear like a lowercase 'l'." Called an internationalized domain name (IDN) homograph attack , the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file . The visual trickery typically involves leveraging the similarities of character scripts to create and register fraudulent domains of existing ones to deceive unsuspecting users into...

Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a new updated version of the extension. Google developed this Password Alert Chrome extension in an effort to alert Internet users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users' account. Here's the worst part: However, the first version of Password Alert was bypassed in less than 24 hours of its launch.  Security expert Paul Moore from UK-based Urity Group quickly circumvented the Anti-Phishing technology by pure JavaScript code of seven lines. Since then Google released Password Alert version 1.4, version 1.5 and version 1.6, but… ...all of them were bypassed, keeping users unaw...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...