InfoSecBulletin Cybersecurity for mankind
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% of those are spam.
QR code phishing, or “quishing,” is a growing threat that mimics real websites to steal personal and payment information. For instance, fraudsters have been seen placing QR stickers on parking meters to trick people into entering their payment details into fake parking apps.
Hacker reportedly leak Indonesia Gov.t 82 GB data
BCSI officially announce National Vulnerability Disclosure Program (NVDP)
CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs
CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available
Splunk targets Bangladeshi market: Investing in local talent
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
Talos issued a warning about malicious QR code emails that send fake multi-factor authentication requests to steal user credentials.
QR codes in emails account for only 0.1% to 0.2% of all emails, yet Talos discovered they often bypass anti-spam filters, allowing users to see them in their inboxes more frequently than anticipated.
Malicious URLs can be ‘defanged’ by altering the protocol from ‘http’ to ‘hxxp’ or by placing brackets around a dot in the URL. This prevents browsers from activating the link and helps users avoid accidentally clicking it. This issue is less prevalent with QR codes.
