¿No tienes contraseña de Android? Tranquilo, Skype lo desbloqueaba

Credit to Author: Naked Security| Date: Tue, 08 Jan 2019 14:19:49 +0000

¿Quieres espiar a tu esposa o a tus empleados? ¿Un sospechoso se niega a desbloquear su Android? Hasta hace unas semanas era muy sencillo, podías simplemente coger su teléfono, realizar una llamada de Skype, responder la llamada y después simplemente usarlo sin necesidad de contraseña. En octubre, Florian Kunushevci, un buscador de vulnerabilidades de 19 [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/iukn6oCcsB8″ height=”1″ width=”1″ alt=””/>

Read more

Look-Alike Domains and Visual Confusion

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

Read more

A massive security flaw discovered in Skype. Fix not coming anytime soon.

Credit to Author: Shriram Munde| Date: Wed, 14 Feb 2018 09:10:30 +0000

Quick Heal Security Labs has recently learned about a serious vulnerability in Skype’s update installer – that’s the bad news. The worse news is, Microsoft is not going to patch the vulnerability anytime soon as this would require the updater to go through a ‘large code revision’. What is this…

Read more

A week in security (June 19 – June 25)

Credit to Author: Malwarebytes Labs| Date: Mon, 26 Jun 2017 15:27:04 +0000

A compilation of security news and blog posts from the 19th to the 25th of June. We touched on topics like Barclays phish, Robux scam, breaking the attack chain and Incident Response.



(Read more…)

The post A week in security (June 19 – June 25) appeared first on Malwarebytes Labs.

Read more