A phishing attack has received much attention in the security community over the past few weeks.
This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.
This affects the current versions of the Chrome and Firefox browsers. It does not affect the Internet Explorer or Safari browsers.
As an example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser, security researchers at Wordfence decided to imitate a healthcare site called ‘epic.com’ by registering their own fake site.
As you can see in the screenshot, both of these domains appear identical in the browser but they are completely different websites. The fake epic.com domain is actually the domain xn--e1awd7f.com but it appears in Chrome and Firefox as epic.com.
This is because the "xn--" prefix is an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses "punycode" encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar.
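The decoding described above can be reproduced offline. The following Python code is an added example, not code from Wordfence or the original article: it decodes `xn--` labels, reports the scripts in use, and flags a host whose lookalike-folded form matches a domain on a watch list. The `LOOKALIKES` table (a small hand-picked subset) and the function names are assumptions made for the example.

```python
import unicodedata

# Hand-picked subset of Cyrillic letters that render like Latin ones.
# Assumption for this example; real deployments should use the full
# Unicode confusables data (UTS #39) instead of this short table.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0458": "j",
}

def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' means punycode)."""
    label = label.lower()
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # malformed encoding: keep the raw label

def scripts(text):
    """Rough script set, taken from the first word of each character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def skeleton(text):
    """Fold known lookalikes to ASCII so identical-looking names compare equal."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)

def check_host(host, protected):
    """Decode a hostname and test it against domains we want to protect."""
    labels = [decode_label(part) for part in host.rstrip(".").split(".")]
    displayed = ".".join(labels)
    folded = ".".join(skeleton(part) for part in labels)
    is_idn = not displayed.isascii()
    return {
        "host": host,
        "displayed": displayed,  # what the address bar may show
        "scripts": sorted(set().union(*(scripts(p) for p in labels))),
        "impersonates": folded if is_idn and folded in protected else None,
    }

if __name__ == "__main__":
    # Domain taken from the article; the watch list is constructed.
    print(check_host("xn--e1awd7f.com", {"epic.com"}))
```

A mail gateway or proxy log job can run the same check over observed hostnames and alert whenever `impersonates` is set.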
There is a way to disable the dangerous feature in Firefox by turning punycode off, and Chrome has released an update as of last week that fixes the issue, so update immediately.
Sent to us by: Mark Maunder
XPRIZE and the Qualcomm Foundation, during a ceremony held in Hollywood, announced that the Final Frontier Medical Devices team won the Qualcomm Tricorder XPRIZE Competition.
And the winner is… quite possibly, humankind.
Final Frontier, which hails from Philadelphia and was led by emergency room medic Dr. Basil Harris and his brother, George Harris, a network engineer, accepted the $2.6 million top prize.
The Tricorder XPRIZE Competition was established in 2012, challenging anyone or any team to develop a practical, lightweight, mobile, real-world version of Star Trek’s fictional Tricorder that everyday people could use at home, without the presence of a doctor or health care provider, to evaluate health issues.
There were more than 300 teams participating.
The two finalists were Dynamical Biomarkers Group from Taiwan and Final Frontier Medical Devices from Philadelphia. Many clinical solutions offer a 40% accuracy rate, but XPRIZE set a goal of a 70% accuracy rate of testing and user experience. Both groups combined to average 72% accuracy with their devices and 82% positive user experience with the devices.
The winning device is an artificial intelligence-based engine that learns to diagnose medical conditions by integrating learnings from clinical emergency medicine with data analysis from actual patients. The Tricorder includes a group of non-invasive sensors that are designed to collect data about vital signs, body chemistry and biological functions. This information is then synthesized in the device’s diagnostic engine to make a quick and accurate assessment.
DBG was named runner-up and accepted a check for $1 million. Final Frontier/Basil Leaf Technologies won the top prize of $2.6 million.
The Tricorder will be available on retail shelves once it is ready.
Sent to us by: Robbie Ferguson
Nintendo is discontinuing the NES Classic Edition, a plug-and-play console that became popular with collectors as soon as it launched last fall.
A Nintendo representative confirmed that the last shipments of the NES Classic Editions will hit stores this month. Once that stock dries up, retailers will not receive any additional new consoles.
This was the plan all along, according to Nintendo, who told IGN, “NES Classic Edition wasn’t intended to be an ongoing, long-term product. However, due to high demand, we did add extra shipments to our original plans.”
The Famicom Classic Edition, the Japanese version of the mini-NES, has also ended production. However, on the web site, they leave some hope saying, "This product has ended production for now. When production is being resumed, we will tell you on our website."
Along with the NES Classic Edition systems, Nintendo will also discontinue the NES Classic Controller. The peripheral is sold separately and compatible with both Wii and Wii U as well. It plugs into the Wii Remote to be used for NES Virtual Console games.
Sent to us by: Jeff Weston
Cybercrooks have begun retailing a new easy-to-use ransomware strain that promises profit with only one successful infection.
The tool, called "Karmen", is being sold on Dark Web forums by Russian-speaking cyber-criminal DevBitox for $175. The new ransomware-as-a-service variant offers a graphical dashboard, allowing purchasers to keep a running tally of the number of infections and their earnings in real time.
The malware requires very little technical skill to deploy, according to threat intelligence company Recorded Future.
Karmen encrypts files on the infected machine using strong AES-256 encryption, making them inaccessible unless victims pay the attacker for a decryption key.
Keeping up-to-date backups would negate the need to cave in to such demands, and remains the best strategy for safeguarding against ransomware infection.
Sent to us by: Roy W. Nash