ICT Security-Sécurité PC et Internet

Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.

Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."

The contract migration timeline was set from February 18 to February 25. 

NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees. 

However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.

The plugin is compatible with WooCommerce, Ninja Forms, BuddyPress, and others. While the number of sites using it isn't large, many have a large audience, allowing the flaw to affect a significant number of Internet users.

Security researchers at Sophos have warned of a new phishing campaign targeting Instagram users. And this is a phishing campaign with a devious twist. The attackers mock up what's intended to look like two-factor authentication (2FA) in an attempt to appear legitimate. But it's obviously not 2FA. It's a standard attempt to steal login credentials, to amass usernames and passwords.

The initial phishing attack emails include what looks like a 2FA code. The user is instructed to enter the code when they login to prove their identity. The premise of the attack is that there has been an unauthorized login. The login warning, the email and of course the 2FA code are completely fake—the code just a clever twist to suggest some form of security. The whole thing it spurious, but people will be tricked.

The email link takes users to a fake Instagram login page, described by Sophos as "much more believable" than many of the standard email phishing campaigns uncovered. "We don't like to admit it," the research team reports, "but the crooks thought this one through."

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Instagram

Microsofts Browser Protection ist jetzt als Erweiterung auch für Google Chrome verfügbar. Das Add-on fügt dem Browser eine zusätzliche Sicherheitsebene zum Schutz vor schadhaften Links und Phishing-Attacken hinzu.

Windows Defender Browser Protection: Die Schutzfunktion aus Microsoft Edge gibt es jetzt auch als Chrome-Erweiterung.
Microsoft stattet seinen Edge-Browser standardmäßig mit einer Schutzfunktion für das Surfen im Internet aus. Diese soll Nutzer vor bösartigen Links und Phishing-Attacken bewahren. Jetzt bieten die Redmonder ihre Browser Protection auch für Google Chrome als Erweiterung an.

In der Praxis scannt die Windows Defender Browser Protection automatisch angesurfte Webseiten sowie Links und gleicht diese mit einer Blacklist von Microsoft ab. Sobald ein potenziell gefährlicher Link aus der Liste angesteuert wird, spielt die Schutzlösung einen deutlichen Warnhinweis aus. Über eine Schaltfläche lässt sich die Funktion beliebig an- und ausschalten.
Google Chrome verfügt zwar mit Safe Browsing über eine ganz ähnliche Funktion, in einem Test der Sicherheitsspezialisten NSS Labs schnitt die Schutzlösung von Microsoft allerdings deutlich besser ab als das Pendant von Google. Während die zugrundeliegende Technologie aus Microsoft Edge 99 Prozent aller Phishing-Attacken stoppte, erkannte Chrome nur 87 Prozent.

Daneben besitzt auch Firefox eine Protection-Lösung für sicheres Surfen, diese landete mit einer Erkennungsrate von 70 Prozent im Test von NSS Labs auf dem dritten Platz. Für den Open-Source-Browser bietet Microsoft allerdings keine Windows-Defender-Erweiterung an.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/05/02/get-smart-with-5-minutes-tutorialsit-securitypart-1-browsers/

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

WannaCry ransomware spreads aggressively across networks, holds files to ransom.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

A new Google Docs phishing scam just reared its head a few hours ago, and it's spreading like wildfire. Google appears to be taking action to stop it, but in...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

A hacker who phished the login credentials of LA County employees is believed to have compromised the personal data of over 750,000 people.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

If you fail to take proper care, it would be all too easy to type your password into an eNom phishing site and hand control of your website over to a online criminal gang.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Phishing

http://www.scoop.it/t/securite-pc-et-internet/?tag=spear+phishing

A devious, new phishing technique allows adversaries to bypass multi-factor authentication (MFA) by secretly having victims log into their accounts directly on attacker-controlled servers using the VNC screen sharing system.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication (MFA) configured on the targeted victim's email accounts.

Even if threat actors can convince users to enter their credentials on a phishing site, if MFA protects the account, fully compromising the account still requires the one-time passcode sent to the victim.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound).

Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's —and inherently Edge's— anti-phishing technology to Google Chrome.

The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links.

https://gustmees.wordpress.com/2012/05/02/get-smart-with-5-minutes-tutorialsit-securitypart-1-browsers/

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

New ransomware samples of WannaCrypt variants have been discovered in the wild but it is yet to be seen if they pose the same threat as the first ransomware attack wave.

On Friday, at least 47 trusts across England and 13 National Health Service (NHS) services in Scotland were faced with severe disruption as IT services went into lockdown due to the Wanna Decryptor ransomware, also known as WannaCrypt, WanaCrypt0r and WannaCry.

Appointments were cancelled, the general public was urged to not visit NHS Accident & Emergency departments unless absolutely necessary and in some cases, patients were reportedly turned away or moved to other medical establishments as staff were forced to resort to pen-and-paper to try and maintain some order.

IT system provider NHS Digital said in a statement that the attack "was not specifically targeted at the NHS and is affecting organizations from across a range of sectors," words that soon rung true.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

Cyberkriminelle hatten es mit einer ausgeklügelten Phishing-Attacke auf die Daten von Google-Nutzer abgesehen. Hierbei kamen täuschend echte Fälschungen von Google Docs zum Einsatz.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

Mit einer Phishing-Attacke beispiellosen Ausmaßes haben Hacker zahlreiche Google-Nutzer angegriffen. Die manipulierten E-Mails waren derart gut gefälscht, dass auch Profis sie kaum erkennen konnten. Inzwischen hat Google Gegenmaßnahmen ergriffen.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

With phishing now widely used as a mechanism for distributing ransomware, a new NTT Security reveals that 77% of all detected ransomware globally was in four main sectors – business & professional services (28%), government (19%), health care (15%) and retail (15%).

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing

For the last month attackers have been using a combination of phishing and typosquatting in order to carry out a Bitcoin phishing campaign.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Ethereum

http://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/

http://www.scoop.it/t/luxembourg-europe/?tag=Bitcoin

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

http://www.scoop.it/t/securite-pc-et-internet/?tag=Phishing