IDN – Computer Security Articles

No man’s land: How a Magecart group is running a web skimming operation from a war zone

July 18, 2019 admin bulletproof, cybercrime, exfiltration, gate, hosting, IDN, luhansk, Magecart, Magento, skimmers, sniffers, swipers, Ukraine

Credit to Author: Threat Intelligence Team| Date: Thu, 18 Jul 2019 15:00:13 +0000

We take a look into a Magecart group’s web skimming activities, which are relying on a bulletproof-friendly host in battle-scarred Luhansk, Ukraine to provide cover for their activities, safe from the reach of law enforcement and the security community.

Categories:

Cybercrime

Tags: bulletproof exfiltration gate hosting IDN luhansk Magecart magento skimmers sniffers swipers ukraine

Independent Krebs

Half of all Phishing Sites Now Have the Padlock

November 26, 2018 admin A Little Sunshine, Bibox, IDN, internationalized domain names, John LaCour, Latest Warnings, phishing, PhishLabs, Punycode, SSL

Credit to Author: BrianKrebs| Date: Mon, 26 Nov 2018 14:57:53 +0000

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Independent Krebs

Look-Alike Domains and Visual Confusion

March 8, 2018 admin alex holden, Apple Safari, CA, CA Technologies, ca.com, Computer Associates, Google Chrome, Hold Security, IDN, internationalized domain names, Latest Warnings, look-alike domains, mozilla firefox, phishing, Punycode, skype, The Coming Storm, Twitter, unicode, Web Fraud 2.0, xn--80a7a.com

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):