Cyber Updates – 22/04

Cyber Updates – 22/04

Hey all,
Here are this week’s cyber updates:
(1) Browsers use Punycode encoding in order to represent Unicode characters in the URL and protect against Homograph phishing attacks.
Google Chrome, Mozilla Firefox and Opera were vulnerable to a phishing attack due to a flawed implementation of the above encoding. The loophole relies on the fact that if someone chooses all characters for a domain name from a single foreign language character set, resembling exactly the same as the targeted domain, then browsers will render it in the same language, instead of the Punycode format.
This has allowed attackers to redirect users to a website while presenting a different URL in the address bar.
Here are all the details:
(2) Last week we’ve reported a security incident in Marriott. This week it is IHG’s turn to reach the headlines. The company was infected with a malware that searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) from the magnetic stripe of a payment card as it was being routed through the affected hotel server. 
Be sure to check your credit card transactions if you stayed at an IHG hotel on or after September 29, 2016.
Stay tuned for more updates,
Dan Gurfinkel
Head of Offensive Security & Response Unit
Comsec by HUB Security logo
We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide
immediate assistance 24/7

Calling from Israel?

+972 747047472

Calling from anywhere else?

+31202170634

Comsec by HUB Security logo

We are sorry to hear you have a problem, but we are here to help!

Our Hot Line is ready to provide immediate assistance 24/7

Skip to content