SecurityWeek.com published a piece on hackers abusing Google Tag Manager by injecting HTML or JavaScript code into websites using GTM. These were all ecommerce websites From the article: A legitimate Google service typically used for marketing and usage tracking, GTM relies on containers for embedding JavaScript and other types of resources into websites, and cybercriminals are abusing GTM … [Read more...]
Backed by the government ‘MDBR’ Service Blocks Connections to Malicious Domains
SecurityWeek published a piece on a new domain blocking service. It's a partnership between government agencies and the private sector. The service MDBR seeks to block and report malicious domains, blocking connections to domain names deemed harmful. From the article: A new Malicious Domain Blocking and Reporting (MDBR) service will help organizations improve security by preventing IT … [Read more...]
Attacker gives Amazon fake details from a whois query, and gets real address
A former Amazon software developer had his account information given away by of all companies, Amazon. It seems that this all started with domain registrations, for some reason Eric Springer used the address of a hotel instead of his own. He writes on Medium.com " It’s just a fake address of a hotel that was in the same zip code where I lived. I used it to register some domains, knowing that … [Read more...]
New U.K. Surveillance Bill includes monitoring users’ online habits
BBC.com broke down the details of the new surveillance bill to be passed in the U.K. No surprise there are opinions from all sides with some saying the bill goes too far and are too intrusive, this type of surveillance is not legal in and other European country or the U.S. Those in favor say these measures are needed to keep the country safe. The article goes on to show what is allowed … [Read more...]
Paul Vixie, Member Internet Hall of Fame: “New gTLD program is a Money Grab & Mistake”
Dr Paul Vixie, a member of the Internet Hall of Fame has called the new gTLD program a money grab and a mistake and called out ICANN for allowing it to happen saying it "indicates corruption." ZDNet.com, published a post about Dr. Vixie remarks from the Ruxcon information security conference in Melbourne on Sunday. According to Wikipedia.org, Dr. Vixie is "an Internet pioneer, the author … [Read more...]
BlueCoat Study: Top 10 Shady Sites in New gTLD’s Is Flawed as Unlaunched .Zip is #1
Blue Coat Systems, Inc, an enterprise security company, issued a report today of the 10 new gTLD's that have the most "Shady Sites" (pdf) concluding that "more than 95% of websites in 10 new Top Level Domains (TLDs) are suspicious" The report is already getting a lot of coverage in the mainstream media but there is a huge issue with the report that hasn't been covered. The new gTLD topping … [Read more...]
Click Fraud Malware Can Lead To Bigger Problems
Ashley Carman published an article today on SCMagazine.com that deals with click fraud malware and how it can lead to bigger problems. In her article she referenced a report by Damballa.com that was basically a overview of all potential infections going around the web. The report points out that click fraud malware is usually deemed "low risk" but it can lead to bigger problems. From the … [Read more...]