Cyber Security Today, May 19, 2023 – Beware of .zip websites, Dropbox is abused by crooks, infected Android phones and more

Beware of .zip websites, Dropbox is abused by crooks, infected Android phones and more.

Welcome to Cyber Security Today. It’s Friday, May 19th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

IT security leaders should regularly warn employees about the risks of downloading unapproved .zip files. Now they have to be warned about going to websites whose addresses end in .zip. Earlier this month Google approved the use of a number of new top-level domains, including one that ends in .zip. So I could get a domain like “www.howard[.]zip”. However, threat actors are already creating malicious websites ending in .zip to take advantage of unsuspecting victims. Researchers at Netcraft say they’ve already found bad websites using this trick, including one named ‘microsoft-office[.]zip’ that goes to a fake Microsoft login page. Make sure your staff knows to stay away from such pages.

Hackers are using free Dropbox accounts to spread malware. Researchers at Avanan detailed how one scheme works: After creating a free Dropbox account the attacker sends a resume as a PDF to a victim. When they click on the PDF they go to Dropbox, which looks legitimate. To view the PDF, the victim has to sign in with their email account credentials. That sends them to a malicious website that looks like Microsoft OneDrive. However, it downloads malware. In addition, the attacker gets the victim’s email login credentials. This scam may fool some IT defence systems that accept DropBox as a non-threatening website. Employees should be warned to be suspicious of resumes they have to log into to view.

Perhaps millions of Android phones sold around the world have been infected during the manufacturing process with malware. That’s according to researchers at Trend Micro. It calls the gang behind this operation Lemon Group, and says over 50 brands of mobile devices have been infected. One is a copy of a premier line of devices from an unnamed major manufacturer. The malware allows the gang to install different plugins, including ones that intercept SMS text messages, steal Facebook and WhatsApp data and push unwanted ads to smartphones. Make sure when you buy an Android phone it comes from a legitimate and trustworthy company or cellphone provider.

Spring is here. And with it people are thinking of summer vacations. McAfee issued a reminder that there are a lot of online travel-related scams. So make sure the hotel, motel or apartment reservation service you use is legitimate. And when you’re on vacation stay away from Wi-Fi networks in airports, restaurants and accommodations. Avoid free USB charging ports at airports and malls as well. One hint: Travel deals that are too good to be true probably are fake.

Finally, Google has issued a patch for its Chrome browser. It closes 12 vulnerabilities. The up-to-date version start in 113 and end in .94.

That’s it for this show. However, later today the Week in Review edition will be out. Guest David Shipley of Beauceron Security and I will discuss recent news including the testimony before a U.S. Senate committee on regulating artificial intelligence, the latest use of facial recognition software and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast