Saturday, April 22, 2017

Cyber Updates - 22/04

Hey all,
Here are this week's cyber updates:

(1) Browsers use Punycode encoding in order to represent Unicode characters in the URL and protect against Homograph phishing attacks.
Google Chrome, Mozilla Firefox and Opera were vulnerable to a phishing attack due to a flawed implementation of the above encoding. The loophole relies on the fact that if someone chooses all characters for a domain name from a single foreign language character set, resembling exactly the same as the targeted domain, then browsers will render it in the same language, instead of the Punycode format.
This has allowed attackers to redirect users to a website while presenting a different URL in the address bar.
Here are all the details:

(2) Last week we’ve reported a security incident in Marriott. This week it is IHG’s turn to reach the headlines. The company was infected with a malware that searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) from the magnetic stripe of a payment card as it was being routed through the affected hotel server. 

Be sure to check your credit card transactions if you stayed at an IHG hotel on or after September 29, 2016.

A list of affected hotels can be found in the following URL: https://www.ihg.com/content/us/en/customer-care/protecting-our-guests/property-listing

Stay tuned for more updates,
Dan Gurfinkel
Head of Offensive Security & Response Unit