Drupal, Microsoft, & NSA – Paul’s Security Weekly #556

In the news, Microsoft built its own custom Linux OS to secure IoT devices, another critical flaw found in Drupal Core (patch your sites immediately), Facebook plans to build its own chips for hardware devices, NSA reveals how it beats 0-days, and more on this episode of Paul’s Security Weekly! Paul’s Stories: Microsoft built its own […]
The post Drupal, Microsoft, & NSA – Paul’s Security Weekly #556 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/jvyeJ9VmoUU/

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018

A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot]cm) in a bid to bombard hapless visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.
On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.

Link: https://krebsonsecurity.com/2018/04/dot-cm-typosquatting-sites-visited-12m-times-so-far-in-2018/

Omitting the “o” in .com Could Be Costly

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”

Link: https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/

Facebook, Equifax, UpGuard, and Microsoft – Hack Naked News #165

This week, Michael talks about Facebook’s CSO Alex Stamos, Equifax, UpGuard’s new security tool, and Microsoft lifting its update embargo on Windows 10. Jason Wood explains why you should build your own security tools in the expert commentary. News: Facebook in the news; Facebook CSO Alex Stamos to leave the company; FTC is reportedly investigating Facebook’s use […]
The post Facebook, Equifax, UpGuard, and Microsoft – Hack Naked News #165 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/jrap4zWzvqI/