Security daily (22-08-2020)

Feds warn election officials of potentially malicious ‘typosquatting’ websites

The Department of Homeland Security last week told election officials to be wary of suspicious websites that impersonate federal and state election domains and could be used for phishing or influence operations. The Aug. 11 bulletin distributed by DHS’s Office of Intelligence and Analysis, which CyberScoop reviewed, listed roughly 50 suspicious domains that were purporting to offer information related to voting and elections. “These suspicious typosquatting domains may be used for advertising, credential harvesting and other malicious purposes, such as phishing and influence operations,” the advisory says. “Users should pay close attention to the spelling of web addresses or websites that look trustworthy but may be close imitations of legitimate U.S. election websites.” Typosquatting is an issue that litters the internet and affects every sector because it is cheap and easy for anyone to set up a website that mimics the spelling of a legitimate one. A 2018 study found […] The post Feds warn election officials of potentially malicious ‘typosquatting’ websites appeared first on CyberScoop. (CyberScoop)

How to Install & Use the Ultra-Secure Operating System OpenBSD in VirtualBox

OpenBSD implements security in its development in a way that no other operating system on the planet does. Learning to use the Unix-like operating system can help a hacker understand secure development, create better servers, and improve their understanding of the BSD operating system. Using VirtualBox, the OS can be installed within a host to create a full-featured test environment.

This extremely secure operating system boasts features with which no other OS can compare. While OpenBSD is often regarded as a server OS, it can also be used on the desktop or within a virtual machine and still... more (Null Byte « WonderHowTo)

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.

The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the "manage versions" functionality (The Hacker News)


/security-daily/ 23-08-2020 23:44:23