
Microsoft security researchers discovered an unusual phishing campaign that employs custom 404 error pages to trick potential victims into handing over their Microsoft credentials. To do this, the attackers register a domain and, instead of creating a single phishing landing page to redirect their victims to, configure a custom 404 page which shows the fake login form. This allows the phishers to have an infinite number of phishing landing page URLs generated with the help of a single registered domain. "The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t," says Microsoft's research team. "Phishers are using malicious custom 404 pages to serve phishing sites. A phishing campaign targeting Microsoft uses such technique, giving phishers virtually unlimited phishing URLs." The custom 404 error pages these attackers use to harvest their victims' credentials are perfectly camouflaged as legitimate Microsoft account sign-in pages, down to the smallest details. All the links on the phishing page, including the ones at the bottom and the ones used to access one's Microsoft account and to create a new one, point straight to official Microsoft login forms in an effort to make targets less suspicious. The only elements missing from the phishing page are the "Sign-in options" link above the "Next" button and the cookies notification at the top of the page. "Because the malformed 404 pages are served to any non-existent URL in an attacker-controlled domain, the phishers can use random URLs for their campaigns," adds Microsoft. "We also found that the attackers randomize domains, exponentially increasing the number of phishing URLs." Learn more by visiting OUR FORUM.
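For defenders triaging a reported domain, the traits described above can be checked together: the same page comes back for any random path, that page carries a sign-in form, and its links point at the real brand while the serving host does not belong to it. The sketch below is an added example, not Microsoft's tooling; the brand domain list, the host names, the function names and the sample HTML are assumptions constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com")  # assumed allow-list

class _PageScan(HTMLParser):
    """Collects credential inputs and link hosts from one HTML body."""
    def __init__(self):
        super().__init__()
        self.cred_inputs = 0
        self.link_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() in ("email", "password"):
            self.cred_inputs += 1
        elif tag == "a" and a.get("href"):
            host = urlparse(a["href"]).hostname
            if host:
                self.link_hosts.add(host.lower())

def _is_brand(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def assess_host(host, probes):
    """probes: list of (random_path, body) already fetched from `host`."""
    if not probes:
        return False, {}
    digests = {hashlib.sha256(body.encode()).hexdigest() for _, body in probes}
    scan = _PageScan()
    scan.feed(probes[0][1])
    signals = {
        # identical content for unrelated random paths: a catch-all error page
        "same_page_for_random_paths": len(probes) > 1 and len(digests) == 1,
        # that error page asks for an account name or password
        "credential_form": scan.cred_inputs > 0,
        # links go to the real brand, but the serving host is not the brand
        "brand_links_on_foreign_host": (not _is_brand(host.lower())
                                        and any(_is_brand(h) for h in scan.link_hosts)),
    }
    return all(signals.values()), signals

# Constructed sample responses (not captured traffic).
FAKE_404 = ('<html><body><form action="/s"><input type="email" name="loginfmt">'
            '<input type="submit" value="Next"></form>'
            '<a href="https://login.live.com/">Create one!</a></body></html>')
PLAIN_404 = "<html><body><h1>404 Not Found</h1></body></html>"
SUSPECT = [("/k3J9x", FAKE_404), ("/zz81/qa", FAKE_404)]
BENIGN = [("/k3J9x", PLAIN_404), ("/zz81/qa", PLAIN_404)]
```

All three signals must hold before a host is flagged, so an ordinary site with a plain catch-all error page is not reported.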

A new Bluetooth vulnerability named "KNOB" has been disclosed that allows attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1. This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet. "The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet." This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other. Once the key was known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring keystrokes, and other types of behavior. Full details are posted on OUR FORUM.

The company launches FastTrack for Windows 10 guidance, providing experts who can talk through deployment scenarios with partners. Microsoft Monday unveiled a new benefit for partners that are moving customers from Windows 7 to Windows 10, with the company now offering expert assistance around Windows 10 deployments. The end of support date for Windows 7 is set for Jan. 14, 2020, and Microsoft has made a series of investments to help with the transition, said Bob Davis, corporate vice president for Microsoft 365, in a blog post. The latest of these investments is the launch of FastTrack for Windows 10 deployment guidance. The benefit takes the form of free expert assistance on Windows 10 deployments for situations where there are at least 150 licenses of an eligible service or plan. "Sometimes you have a complex scenario and aren’t even sure where to start, or you’ve encountered a problem that has your migration stalled. There are times when you need to talk to an expert to get guidance on where to go next," Davis said.  FastTrack, Davis said in the post, will assist with envisioning a technical plan and determining how to deploy new users—and will continue to offer help throughout the deployment.

Researchers often give security vulnerabilities catchy names to help them attract more attention. Many of these monikers seem like nonsense--Heartbleed, Spectre, and Meltdown all sound more like emo bands than security flaws--but apparently the researchers at Eclypsium prefer to be a bit more direct. When the company revealed serious issues with more than 40 drivers on Saturday, it simply titled its report Screwed Drivers. (Catchy.) Eclypsium said it found severe vulnerabilities in drivers from "every major BIOS vendor" as well as the likes of Asus, Toshiba, Nvidia, Intel, AMD, and Huawei, which is pretty bad news. But worse still was the company's realization that all of the insecure drivers had been signed by valid Certificate Authorities and certified by Microsoft. Eclypsium said this means the insecure drivers can be installed "on all modern versions" of Windows despite their flaws. The company also explained that "there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers" and that some features "specific to Windows Pro, Windows Enterprise and Windows Server may offer some protection to a subset of users." And that's only if administrators decide to use those features; otherwise, their Windows devices will allow the insecure drivers to be installed anyway. "Vulnerable or outdated system and component firmware is a common problem and a high-value target for attackers, who can use it to launch other attacks, completely brick systems, or remain on a device for years gathering data, even after the device is wiped." Lots more can be found on OUR FORUM.

We take a look at a phishing campaign that pretends to be an "Unusual sign-in activity" alert from Microsoft that could easily trick someone into clicking on the enclosed link. With companies such as Google and Microsoft commonly sending users alerts when unusual activity has been discovered on their account, users may feel it's normal to receive them and would then click on the enclosed link. Attackers are capitalizing on this by sending emails that pretend to be "Microsoft account unusual sign-in activity" alerts from Microsoft. When compared to the legitimate email notifications sent by Microsoft, they look almost identical with the same information fields and even the same sender address. What's different, though, is that when you click on the "Review recent activity" email link, instead of going to Microsoft to review your account's sign-in activity, you are brought to a fake landing page on a non-Microsoft site that asks you to log in. When a victim enters their credentials, the information will be saved for the phishers to retrieve later so that they can access the victim's account. No matter what credentials are entered in the fake login form, the user will always be redirected to an error page on Microsoft's live.com site. This is to make it look like there is a problem with the account and that nothing strange is going on. While some users may have felt that the emails are safe because they are coming from a legitimate Microsoft email address, it is always important to remember that the From email address can always be spoofed to be from any account an attacker wants. Therefore, even if a phishing email looks legitimate, it is important to pay attention to the URLs of the landing pages before entering your login credentials in a displayed login form. Follow this thread by visiting OUR FORUM.

A draft executive order from the White House could put the Federal Communications Commission in charge of shaping how Facebook (FB), Twitter (TWTR) and other large tech companies curate what appears on their websites, according to multiple people familiar with the matter. The draft order, a summary of which was obtained by CNN, calls for the FCC to develop new regulations clarifying how and when the law protects social media websites when they decide to remove or suppress content on their platforms. Although still in its early stages and subject to change, the Trump administration's draft order also calls for the Federal Trade Commission to take those new policies into account when it investigates or files lawsuits against misbehaving companies. Politico first reported the existence of the draft. If put into effect, the order would reflect a significant escalation by President Trump in his frequent attacks against social media companies over an alleged but unproven systemic bias against conservatives by technology platforms. And it could lead to a significant reinterpretation of a law that, its authors have insisted, was meant to give tech companies broad freedom to handle content as they see fit. A White House spokesperson declined to comment on the draft order but referred CNN to Trump's remarks at a recent meeting with right-wing social media activists. During the meeting, Trump vowed to "explore all regulatory and legislative solutions to protect free speech." According to the summary seen by CNN, the draft executive order currently carries the title "Protecting Americans from Online Censorship." It claims that the White House has received more than 15,000 anecdotal complaints of social media platforms censoring American political discourse, the summary indicates. The Trump administration, in the draft order, will offer to share the complaints it's received with the FTC. Follow this very important thread on OUR FORUM.

 
