What is the Best Home Security System for You?

Before deciding on a home security system, it’s important to consider the features offered and your personal needs. Hundreds, if not thousands, of home security options are available to consumers, which can make selecting a system overwhelming. According to Consumer Affairs, over 30 million households in the US have a home security system, but only […]

February 8, 2024

Phishception – SendGrid is abused to host phishing attacks impersonating itself

Netcraft has recently observed that criminals abused SendGrid’s services to launch a phishing campaign impersonating SendGrid itself. The well-known provider, now owned by Twilio, makes sending emails at scale simple and flexible. In addition to scale, the promise of high deliverability and feature-rich tools make SendGrid a sought-after service for legitimate businesses and a likely target for criminals.

The campaign observed uses a variety of complex lures, such as claiming the victim’s account has been suspended while its sending practices are reviewed or that the victim’s account is marked for removal due to a recent payment failure, combined with other SendGrid features to mask the actual destination of any malicious links.

Screenshot of one of the phishing emails seen by Netcraft in the campaign. 

The criminals behind the campaign used SendGrid’s click-tracking feature, with the malicious link masked behind a tracking link hosted by SendGrid. As the actual destination link is encoded in a URL parameter, even technically savvy recipients cannot determine its destination without following it.

https://u684436[.]ct[.]sendgrid.net/ls/click?upn=MlKqR181cN-2FwVofVyYroZohPHYCFmcOANwhWCUdTCBwPOc8txaiCuzTlogC05KN3LNFQ-2BuY0GGAqsU1nral07J5ZAzdZaZBAuJ7sV0-2BXHfumQD5I7-2FksS6M-2Bkp-2BkG47JcUbzDR8JwfwRM53-2BjxY8Q39KSfdEFQ9435uyTBM5TtspkyY3jUnvibv5C-2BopzMIluG2QhFh3lCZT2E5thEQQlvnZzjigw0zd2QIpDJ1mDMyGAOP9FKPeH-2BubdRj8uMW7TYzi-2FryttpaWt-2FacBOIgmTucX37Bpzwo8hDwYWOfxtiszu0DQpSrDO3oXpdkl-2B4s7wZAW0B-2FGDFBUzYJTXj74HRI9K2dpGobo82sm-2BazB2pF4rB-2BmwcxWwFL-2FpuLyZHB39O28qMVDOVLLbjWvpdUCCWXeMbVjwqJJJ-2FJJcfiX9cVoMVr52N2vZshdxGLBhIHeg5gMDA8qUev9sXguFrcp8VNlV-2FhMxARF1RUvbSCJCUd-2Faf2xJXq65WP0ikjyx7BLg1hmUr3QcV9IstauGE08g-3D-3DmcLN_IrVKFt61B0RSPoIcLeWyNg52nFk05lKq9QPi-2FlqEDp6KgcjnqupRcHzKcBBn7PVo8-2BxeSCeDL5jOu-2Bx5wws5UKOwmCQCTy6wc-2FTAihp-2FZilUgXpstXJftrsxyCzWfWHkMtlCi92uoep-2BB-2BEJJpbK-2BlDe4wqa-2FR0sOOAlwWz6aTEHqnEACadwVCrFtoPCBG68mO0yF5ItaBS0v1i7sukWtkhsoqWJbxt7FUowSScDsyM-3D

Examining the email headers reveals that the phishing emails are sent using SendGrid’s infrastructure:

Received: from s.wfbtzhsv.outbound-mail.sendgrid.net (s.wfbtzhsv.outbound-mail.sendgrid.net [159.183.224.104])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
(No client certificate requested)
by REDACTED (Postfix) with ESMTPS id 684BCE1862
for <REDACTED>; Tue, 12 Dec 2023 18:49:17 +0000 (UTC)

SendGrid advertises an “industry-leading 99% delivery rate”. With even legitimate companies sometimes struggling to deliver emails to users’ inboxes successfully, it is easy to see how using SendGrid for phishing campaigns is attractive to criminals.

One giveaway indicates that the emails are not legitimate: while the campaign uses SendGrid’s email servers, the “From:” addresses do not use SendGrid’s domain name. Instead, the emails are sent from a variety of unrelated domain …

February 7, 2024

Behind the Firewall: Understanding and Mitigating Insider Threats

In today’s digital landscape, organizations face an unprecedented number of cybersecurity challenges, with one of the most insidious being insider threats. Although such incidents may not be headline-grabbing, they are no less dangerous to the organization when they do occur. Insider threats are particularly challenging because they originate from within the organization itself, often involving […]

The post Behind the Firewall: Understanding and Mitigating Insider Threats appeared first on TCDI.

February 1, 2024

6 Security Features to Protect Your Windows From Burglars

Ensuring the safety and security of your home is not just about peace of mind; it’s also about creating a space that feels truly secure and protected from potential threats. Windows are critical points in home and business security that demand our attention. In this article, we’ll cover several effective strategies to fortify your windows […]

February 1, 2024

Professional Security Cameras vs. DIY: Making the Right Choice for Your Home Security System

Security concerns have increased in importance in recent years, which makes investing in a reliable home security system a necessity rather than an added luxury. With so many options available, from DIY setups to professional-grade security services, homeowners are often left at a crossroads, trying to decide between the two. When choosing between a DIY […]

The post Professional Security Cameras vs. DIY: Making the Right Choice for Your Home Security System appeared first on Johns Brothers Security.

January 31, 2024

Choosing the Right Setting for Your Digital Forensic Collections

In today’s fast-paced world, the lines between our professional and personal lives are increasingly blurred, thanks in no small part to the digital devices that have become near extensions of ourselves. Organizations, large and small, are more connected than ever before as these devices have become integrated in almost every aspect of daily business operations. […]

The post Choosing the Right Setting for Your Digital Forensic Collections appeared first on TCDI.

January 25, 2024

Where is the Best Place to Find Crime Data?

Whether you are moving to a new neighborhood, considering opening a business in your current state or a different one, or considering opening a business in a specific area, it’s essential to research crime data. Crime is always a concern, and understanding the crime of your intended neighborhood can make or break your final decision. […]

January 25, 2024

PHP-less phishing kits that can run on any website

Criminals can now deploy phishing sites on any type of web server, even when commonly used server-side technologies such as PHP are not supported.

Phishing kits are predominantly implemented in PHP, as this provides the server-side functionality required to store and transmit stolen credentials without publicly revealing where they are being sent.

PHP is a widely used platform and is often supported on low-cost or compromised hosting platforms. Consequently, very few phishing kits are implemented in any other server-side language. For example, only a very small number of phishing kits have even been written in ASP.NET to run on Microsoft web servers.

An example of a typical phishing kit. It contains server-side PHP scripts, plus other resources such as fonts, stylesheets, and client-side JavaScript files.

We also see relatively small numbers of kits that do not contain any server-side scripts but do still rely on a PHP script to ultimately process their stolen data. These kits use static HTML pages to impersonate the targeted organisation, with web forms that submit stolen credentials directly from the victim’s browser to a PHP script hosted on a central remote “dropsite”. The PHP script then logs or forwards the stolen credentials to the criminal, typically via email, Telegram or Discord.

However, some recent phishing kits have gone one step further and eliminated the need for PHP scripts anywhere along the chain, thus eliminating a single point of failure that is inherent when hosting your own dropsite.

An example of a PHP-less phishing kit. It contains only images and static HTML pages which submit stolen credentials directly from the victim’s browser to a Telegram chat.

These new kits expand the range of hosting options open to the phisher, as they can be deployed on any static content hosting platform, regardless of what operating system it’s …

January 25, 2024

January 2024 Web Server Survey

In the January 2024 survey we received responses from 1,079,154,539 sites across 270,447,456 domains and 12,337,710 web-facing computers. This reflects a loss of 8.9 million sites, a gain of 1.2 million domains, and a loss of 17,900 web-facing computers.

nginx saw the largest increase of 5.6 million sites (+2.29%) this month. Its market share now stands at 23.21% (+0.71pp). Cloudflare and OpenResty also experienced strong growth this month, gaining 5.1 million (+4.52%) and 3.7 million sites (+3.86%) respectively.

Apache saw the largest loss of 24.8 million sites (-9.98%), reducing its market share to 20.70% (-2.11pp). LiteSpeed lost 1.2 million sites (-2.25%), slightly reducing its market share by 0.07pp to 4.63%.

Vendor news

Total number of websites
Web server market share
| Developer | December 2023 | Percent | January 2024 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 244,903,710 | 22.51% | 250,509,224 | 23.21% | 0.71 |
| Apache | 248,118,087 | 22.80% | 223,346,407 | 20.70% | -2.11 |
| Cloudflare | 113,499,479 | 10.43% | 118,627,424 | 10.99% | 0.56 |
| OpenResty | 94,737,403 | 8.71% | 98,390,136 | 9.12% | 0.41 |

Web server market share for active sites
| Developer | December 2023 | Percent | January 2024 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 39,476,338 | 20.84% | 39,401,334 | 20.48% | -0.36 |
| nginx | 36,176,461 | 19.10% | 35,591,558 | 18.50% | -0.60 |
| Cloudflare | 23,076,699 | 12.18% | 25,731,404 | 13.38% | 1.19 |
| Google | 20,543,756 | 10.85% | 20,010,860 | 10.40% | -0.44 |

For more information see Active Sites.

Web server market share for top million busiest sites
| Developer | December 2023 | Percent | January 2024 | Percent | Change |
|---|---|---|---|---|---|
| Cloudflare | 223,795 | 22.38% | 224,091 | 22.41% | 0.03 |
| nginx | 207,158 | 20.72% | 207,074 | 20.71% | -0.01 |
| Apache | 203,097 | 20.31% | 202,256 | 20.23% | -0.08 |
| Microsoft | 47,476 | 4.75% | 46,995 | 4.70% | -0.05 |

Web server market share for computers

| Developer | December 2023 | Percent | January 2024 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 4,867,232 | 39.39% | 4,856,088 | 39.36% | -0.03 |
| Apache | 3,183,227 | 25.76% | | | |

January 22, 2024