The Hacker News

MARCH 15, 2024

Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites.

123

123

SecureBlitz

FEBRUARY 9, 2024

Learn how URL spoofing makes benign applications deadly. That's the insidious nature of URL spoofing, a cyber threat that […] The post How URL Spoofing Makes Benign Applications Deadly appeared first on SecureBlitz Cybersecurity. In the digital age, trust is a currency more valuable than gold.

Cyber threats 84

Cyber threats Cybersecurity 84

Penetration Testing

JANUARY 15, 2024

apk2url apk2url easily extracts URL and IP endpoints from an APK file to a.txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints... The post apk2url: quickly extract IP and URL endpoints from APKs appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Tech Republic Security

JANUARY 10, 2022

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

Risk 211

Risk 211

Penetration Testing

MAY 7, 2024

A random click on the Internet may lead to a URL... The post What is URL Phishing and How to Avoid It appeared first on Penetration Testing. Protecting private information and personal data has become a preference in today’s digital world. Cybersecurity has become more compulsory than it ever was.

Phishing 54

Phishing Penetration Testing Internet Internet 54

Security Boulevard

JULY 15, 2023

One of those ways is to share URLs to content. Continue reading → The post Keeping Track Of URLs Shared On Bluesky appeared first on Security Boulevard. It’s also the largest community of users for the AT Protocol. Folks are using Bluesky much the same way as any online forum/chat. For the moment, it is possible to eavesdrop.

98

98

Bleeping Computer

NOVEMBER 21, 2023

The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you. [.]

Engineering 100

Engineering 100

Malwarebytes

MAY 17, 2022

Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. As weird as this URL appears, it is actually valid and acceptable, and your browser will happily parse it for you. Reading the URL.

Phishing 126

Phishing Engineering Mobile Authentication 126

Security Affairs

AUGUST 12, 2023

A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution. Researchers warn of a high-severity security vulnerability, tracked as CVE-2023-24329 (CVSS score of 7.5), has been disclosed in the Python URL parsing function that could be exploited to bypass blocklisting methods.

Hacking 83

Hacking Information Security 83

The Hacker News

AUGUST 11, 2023

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.

98

98

Bleeping Computer

MARCH 25, 2022

A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years. [.].

Phishing 145

Phishing 145

Security Boulevard

JANUARY 21, 2024

Secure your Indusface WAS vulnerability scan with our guide to URL verification. Confirm ownership and prevent unauthorized access in 3 simple methods The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Indusface.

69

69

Malwarebytes

AUGUST 3, 2023

Researchers have found a new phishing tactic which uses Google Accelerated Mobile Pages (AMP) to make URLs look trustworthy. The phishing technique uses the URL of a web page cached by the Google AMP Viewer. Alongside the use of AMP URLs, the researchers also saw: Open redirects on trusted domains like microsoft.com being used.

Phishing 77

Phishing Password Management Passwords Mobile 77

Security Boulevard

JULY 18, 2022

The post Two-Faced Facebook: Foils Privacy Plugins by Encrypting URLs appeared first on Security Boulevard. Facebook is rolling out a new link schema—to fight privacy browsers and privacy plugins.

Encryption 124

Encryption Security Awareness Risk Government 124

Malwarebytes

FEBRUARY 24, 2023

Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks— shortened Linkedin URLs. The shortened URLs redirect users to a different URL when they are clicked. If you’ve ever seen a Tiny URL, or a Bit.ly

Phishing 96

Phishing Passwords Password Management Scams 96

Bleeping Computer

JUNE 28, 2022

Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. [.].

Software 130

Software 130

Heimadal Security

JUNE 6, 2022

The post Phishing Campaign Uses Reverse Tunnels and URL Shorteners appeared first on Heimdal Security Blog. If phishing is effective, hostile third parties steal confidential data. Financial or identity theft is committed using stolen information. Hackers use […].

Phishing 117

Phishing Identity Theft Passwords Cybersecurity 117

Bleeping Computer

JUNE 5, 2022

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners??????? for large-scale phishing campaigns, making the malicious activity more difficult to stop. [.].

Phishing 113

Phishing 113

Threatpost

JANUARY 10, 2022

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.

115

115

Security Boulevard

JULY 5, 2023

Changing the WordPress login URL is a security practice recommended by several WordPress bloggers and security professionals. Even so, many others warn that changing the login URL of your WordPress website does little to thwart attacks. The post How to change your WordPress login URL appeared first on WP White Security.

52

52

Bleeping Computer

SEPTEMBER 12, 2022

URL shortener. You may be familiar with some of the shortest internet domains used by major companies, such as m.me from Facebook (Meta) and Twitter's t.co But, it's possible for live domain names to be even shorter than these choices—and contain no dots. [.].

Internet 98

Internet Internet Technology 98

Hot for Security

MAY 11, 2021

million URLs were taken down in 2020, including: Fake celebrity endorsement scams – 286,213 campaigns taking down 731,080 URLs Fake shops – 139,522 campaigns taking down 222,353 URLs. The agency’s latest annual report highlights a fifteen-fold increase in campaign takedowns compared to 2019.

Scams 121

Scams Phishing Banking Internet 121

SiteLock

AUGUST 27, 2021

Some common attacks, however, can be either noisy or stealthy, just like the notoriously clever URL redirect attack. Cybercriminals use these URL redirection attacks to take advantage of users’ trust. They do this by redirecting traffic to a malicious page using URLs embedded in website code, an.htaccess file, or a phishing email.

Small Business 98

Small Business Firewall Engineering Phishing 98

We Live Security

JULY 20, 2021

The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity. On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.

Banking 145

Banking Malware Mobile 145

Bleeping Computer

FEBRUARY 7, 2021

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [.].

Phishing 145

Phishing 145

The Hacker News

NOVEMBER 7, 2022

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs.

Passwords 90

Passwords 90

Security Boulevard

JULY 11, 2023

The post How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech appeared first on Menlo Security. The post How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech appeared first on Security Boulevard.

Security Awareness 75

Security Awareness 75

Security Affairs

FEBRUARY 8, 2021

Cybercriminals devised a new phishing technique that leverages the Morse code to hide malicious URLs and bypass defense. Experts spotted a new targeted phishing campaign that leverages a new obfuscation technique based on the Morse code to hide malicious URLs in an email attachment and bypass secure mail gateways and mail filters.

Phishing 113

Phishing Passwords Hacking Information Security 113

Threatpost

FEBRUARY 19, 2021

Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.

Phishing 114

Phishing 114

The Hacker News

JANUARY 10, 2022

A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors.

Cybersecurity 108

Cybersecurity 108

Bleeping Computer

FEBRUARY 19, 2021

Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. [.].

DNS 113

DNS 113

Dark Reading

APRIL 12, 2021

A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.

Banking 140

Banking Malware 140

Security Affairs

NOVEMBER 18, 2020

” Threat actors behind the campaign leverage redirector URLs with the capability to detect incoming connections from sandbox environments. The phishing URLs have an extra dot after the TLD, which is followed by the Base64-encoded email address of the recipient. Pierluigi Paganini. SecurityAffairs – hacking, Office 365).

Phishing 130

Phishing Social Engineering Passwords Security Intelligence 130

Zero Day

FEBRUARY 26, 2021

If users type an URL and they forget to add the HTTP or HTTPS prefix, Chrome will soon use HTTPS by default.

133

133

Security Boulevard

APRIL 6, 2022

The post Make it Available with AWS Lambda’s Function URLs appeared first on Security Boulevard. Having the option of directly opening your Lambda functions to the internet without having to deal with the extra services such as Amazon API Gateway or AWS Elastic Load Balancing has been wanted for a long time.

Internet 64

Internet Internet 64

Naked Security

JUNE 2, 2022

More trouble with special-purpose URLs on Windows.

98

98

Security Affairs

JULY 19, 2020

A vulnerability affecting the Zoom feature dubbed Vanity URL could have been exploited by hackers for phishing attacks. A vulnerability affecting the Zoom feature dubbed Vanity URLs could have been exploited by hackers for phishing attacks. This issue impersonated relevant organizations using the Vanity URL capability.”

Phishing 83

Phishing Advertising Hacking Information Security 83