Live
- Udupi MP seeks more key highways on top priority
- New diet plan rolled out at welfare hostels
- HRF demands for nation-wide caste census
- SP launches Medicover family health card
- Chiranjeevi Visits Allu Arjun for Lunch Amid Ongoing Legal Turmoil
- Covid ‘scam’ FIR row: Congress pursuing politics of vengeance, says BJP
- Decades-old temple re-opens after 46 years in Sambhal
- Chandrababu to Inspect Polavaram project amid security measures tomorrow
- Aaditya Thackeray Calls For EOW Probe Into Mumbai's Rs 7,000 Crore Road Project
- Omar Abdullah Urges Congress To Earn INDIA Bloc Leadership Role
Just In
Kaspersky Lab warns LinkedIn of potential spear phishing
Kaspersky Lab Warns LinkedIn Of Potential Spear Phishing. Last November Kaspersky Lab researchers contacted Linkedin’s security team, and informed them about the issue. The platform was fixed and the threat has been mitigated. The security issue could pose a major threat to its 360+ million users.
Last November Kaspersky Lab researchers contacted Linkedin’s security team, and informed them about the issue. The platform was fixed and the threat has been mitigated. The security issue could pose a major threat to its 360+ million users. Because LinkedIn attracts so many people in the business community, a security flaw such as this one could help attackers to efficiently execute spear phishing campaigns, steal credentials and potentially gain remote control over selected victims without needing to resort to social engineering.
“While certain HTML content should be restricted and we have issued a fix and thanked Kaspersky researchers; the likelihood of exploit on popular modern email platforms is unlikely.” says David Cintz, Senior Technical Program Manager at Linkedin security ecosystem.
FYI Please :)
Social platforms are a big target for hackers. A business-oriented social platform that gives details of millions of business men and women, along with their titles, colleagues, career information and more, could be extremely valuable. It’s not difficult to target a user, and exploiting that information is just a single comment away.
Injecting a malicious comment into a user’s post thread will automatically launch a notification to his email account, regardless of the email provider or connection hierarchy between the victim and the attacker.
Although it seems that the application server had escaped the dangerous characters, the payload is only escaped from the main application.
In the worst case scenario, if an email provider fails to properly escape the content of an incoming email, the attacker can leverage the issue to execute a malicious JavaScript injection attack, also known as Stored XSS.
Another scenario might involve using an associated HTML form to collect information about the victim or redirect the victim to a site where a malicious executable can be downloaded.
How to prevent yourself from becoming a victim:
1.Use an advanced Internet Security solution to filter out dangerous redirections to servers that contain malware, phishing and more. If a solution is already installed, keep it updated at all times.
2.Opening an attachment or following a link in an email – even from a known party – might contain malicious content. Be very wary before making the decision to open it.
3.Do not register to social platforms with your corporate email account.
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com