New Phishing Threat Targeting Chrome and Firefox
A new type of phishing attack has been identified which targets a vulnerability in the current versions of Chrome and Firefox browsers.
Phishing attacks consist of an email sent to users that appears to come from a person or company they know and trust. The bogus email contains a link to a malicious website, and simply visiting the website may be enough to infect their computer. Users may also be tricked into entering passwords or other personal information, which the attacker can use or sell, causing further trouble for the victim.
Using a Spanish “G” or a Russian “T” or any other combination of international characters, attackers can build a domain that appears to be a trusted website, but is actually something else entirely. Currently Chrome and Firefox are the only browsers that automatically translate these addresses, but that doesn’t mean the feature and this associated vulnerability won’t appear in other browsers in the future.
This means that the previously useful tip of checking the address in the browser’s address bar may no longer be an accurate method of ensuring users are on the correct site. It also means that users need to be even more cautious about the links they click and how they get to the sites they use.
The takeaway from this is for users to recognize the importance of not clicking links in unsolicited emails. Even if the email appears to come from a known, trusted source, the link may not be legitimate.
If you receive an email from a company you do business with telling you to click a link and check your account, don’t use the link. Instead, open your browser and type the address to access your account. OR click on the link from your mobile device (phone, tablet, etc). These are the only ways you can ensure the site you’re visiting is the one you intended to visit.
Bear in mind that if you request an email from within one of your accounts (i.e., a password reset or request for information) and receive the email within a few minutes of the request, that is typically a fair indicator that the message is legitimate. But emails arriving from anywhere which you did not initiate should all be considered suspect and treated with caution.
UPDATE: Link to full details from the source. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
In a major information security announcement earlier this week, it was revealed that CloudFlare (a large firewall and content distribution service) has been inadvertently leaking data from websites utilizing their services. The data leaks apparently started in September 2016 and were finally discovered and mitigated February 18, 2017.
Potential data exposure includes passwords, website cookies, personal information and a wide variety of other data points.
How Data Surfaced
The data leak was the result of roughly 3,400 websites in CloudFlare’s customer base becoming transmitters of random data from potentially ANY of CloudFlare’s 5.5M customer websites directly into pages and search results. Leaked data would appear as random garbage text/images within pages of the affected sites and within search result text on Google, DuckDuckGo, and other search engines.
What This Means
Anyone visiting any website which used CloudFlare during this time could have been a victim of data exposure. This includes major websites and services like Uber, Salesforce, Cisco, OkCupid, and many others.
Based on the depth and length of this leak, NetTech recommends changing passwords on important accounts and recycling logins on mobile devices. Logging out of apps and back in will reset session validation data that may have been exposed to third parties by such a leak.
NetTech has already recycled all of our hosted website user account sessions as one step to mitigate potential data exposure.
The breadth and impact of data leaked as a result of this security hole may not be seen for weeks or months. We urge our customers, colleagues and friends to update your credentials on any accounts with access to financial or sensitive information.
An in-depth article explaining the details of the leak was written by WordFence, a WordPress cybersecurity provider, and is available at the link below:
The Hacker News channel on YCombinator has the latest insider comments on the leak and its potential impact:
Unified Communications is much more than a tech-industry buzzword. It represents the use of tools and systems that enhance business efficiency and boost employee productivity.
Combining technologies like IP phone systems, instant messaging, and mobile apps, employers are able to reduce downtime resulting from missed connections and eliminate unnecessary travel expenses through teleconferencing. Phone systems shared across multiple business locations make transferring calls effortless, improving customer experiences and reducing hold times.
From cutting-edge technologies that allow calls to be transferred from a desk phone to a mobile phone, to straightforward IP telephony that allows crystal-clear calls over an Internet connection, the future of business communications is bright with possibilities.
At NetTech, we specialize in providing improvements to your business’s communication model. Call us today for a demonstration of what we can help your organization achieve.
Exciting Announcement from NetTech
NetTech, our area’s leading technology services provider, announced today that it has completed a merger of operations with Business Technology Group. The merger provides new growth opportunities for NetTech, as well as strengthens our complementary service lines through new technology offerings.
“This merger allows NetTech to expand our products, services and teams, and strengthens our methodical, proactive approach towards our customers’ technology environments, enabling us to offer true solutions to customer needs, not just products,” said Tom Bullock, President of NetTech.
The principals at Business Technology Group have developed a stellar reputation while delivering successful projects for Ruston area customers year after year. This history makes them a perfect fit for the NetTech team, and we are excited to have them. BTG has long been an area leader in Phone Systems/Service and IP Voice networks, and we look forward to immediately offering these new products to the Monroe area. Further, the added capacity from the merger and the resulting growth of both our ownership and technical teams will allow us to be more proactive in our support, more personal with our customers, and will enhance redundancy among our support personnel and roles.
Again, everyone at NetTech is excited about our new partners Aaron Paul, Tim Soto, and Cody Davis, as well as the whole team at Business Technology Group, and we look forward to a continued relationship with your business.