InfoSecBulletin Cybersecurity for mankind
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% of those are spam.
QR code phishing, or “quishing,” is a growing threat that mimics real websites to steal personal and payment information. For instance, fraudsters have been seen placing QR stickers on parking meters to trick people into entering their payment details into fake parking apps.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Talos issued a warning about malicious QR code emails that send fake multi-factor authentication requests to steal user credentials.
QR codes in emails account for only 0.1% to 0.2% of all emails, yet Talos discovered they often bypass anti-spam filters, allowing users to see them in their inboxes more frequently than anticipated.
Malicious URLs can be ‘defanged’ by altering the protocol from ‘http’ to ‘hxxp’ or by placing brackets around a dot in the URL. This prevents browsers from activating the link and helps users avoid accidentally clicking it. This issue is less prevalent with QR codes.
