Skip to main content

Featured

Enchilada Casser-Ole

A Fiesta in Every Bite The aroma wafting from the oven held within it the promise of a Tex-Mex fiesta. It wasn't just the sizzle of melted cheese or the tang of tomatoes but a more profound harmony of spices whispering tales of sun-warmed earth and vibrant chilies. This, my friends, was the call of the Enchilada Casserole, a dish legendary in our household for its ability to vanish faster than a tumbleweed in a tornado. Credit for this culinary wonder goes to Marsha Wills, a culinary sorceress from Homosassa, Florida. Her recipe, shared with the world in the depths of a magazine, landed on our kitchen counter like a treasure map leading to Flavortown. We embarked on the adventure, drawn by the siren song of black beans, melty cheese, and a symphony of southwestern spices. The preparation was as joyous as the anticipation. Our kitchen became a fiesta of chopping, grating, and sizzling. Black beans, plump and earthy, danced in a fragrant tango with diced tomatoes, their acidity...
Post a Comment
Read more

The dangers of QR codes: spoofing, malware and session hijacking

 

The dangers of QR codes: spoofing, malware and session hijacking

“Qrishing”, downloading of malicious “software” and “qrljacking” are the main types of attacks that cybercriminals carry out through this format.

QR codes have become part of normal life for most with the pandemic.  bolts

QR codes have become part of unremarkable life for most with the pandemic. LA RAZÓN (CUSTOM CREDIT) COURTESY OF MITYA IVANOV / UNSPLASH.

ALFREDO BIURRUN

The QR codes (Quick Response or quick response), created in 1994 by the Japanese company Denso Wave, are modules to store information in a dot matrix which has a capacity of 4,286 alphanumeric characters. Until a couple of years ago they were not very present in the lives of most, but the pandemic arrived and with it they took on a new utility as a method to avoid physical contact in a series of daily situations such as consulting the menu of a restaurant or show Covid passport. In the last year, 86% of users have scanned a QR code with their mobile, according to a study by the firm MobileIron .

This sudden popularity makes them an attractive way for cybercriminals to reach their victims and the fact that, according to the same report, 34% of users do not worry about security when using them cannot be better news for them. Since the pandemic began, institutions and security bodies have repeatedly warned of the growth of scams that use QR codes and the risks they entail. According to the National Institute of Cybersecurity, the main tactics that use QR codes are three: " qrishing " ("phishing" through QR codes), downloading " malware " and " qrljacking”Or hijacking of user credentials.

 

What is qrishing?

It is a variation of the much better known " phishing " or identity theft. That is, when the victim accesses a fraudulent website (imitating that of a bank, for example) whose objective is to enter their user credentials or other sensitive information that remains in the hands of the cybercriminal. To the usual “phishing” campaigns by email or SMS, we must add the “qrishing” campaigns that occur when access to the fraudulent website is carried out by scanning the URL contained in a QR code .

An advantage that this form of identity theft has for the attacker is that it is much newer, so the victim tends to be more unprepared when faced with a QR code of uncertain origin than when faced with an email or SMS whose sender can check without even opening it. . An added risk factor is that, depending on the QR application used and its configuration, it can directly open the link without the user having the opportunity to see it first and check if it matches the legitimate domain of the website in question.

 If you have a business that uses QR codes, INCIBE recommends checking regularly that they are not manipulated by third parties.

If you have a business that uses QR codes, INCIBE recommends checking regularly that they are not manipulated by third parties. PHOTO: LA RAZÓN (CUSTOM CREDIT)  COURTESY THE BLOWUP / UNSPLASH.

QR codes and "malware"

In the same way that a QR code can redirect the user to a fraudulent website, it can also redirect the user to a malicious website that takes advantage of an “exploit” to inject malicious code into the device or forces the download of “malware” when visiting the web. These types of websites are designed to exploit vulnerabilities at the “software” level in the operating system or the browser used and expose the victim to a wide variety of malicious actions. From displaying unwanted advertising to subscribing to premium services, accessing the device and its information, sending emails or integrating it into a “botnet” (for example, to carry out a DDOS attack, denial of service, to a web) without the user knowing.

What is "qrljacking"?

This Anglicism is how the login hijacking in services that use a QR code, such as the web version of WhatsApp, is known. This type of attack occurs when the victim is tricked into scanning a modified QR code that impersonates the original, in such a way that the attacker captures the victim's session credentials and covertly accesses the information contained within the bill.

To protect itself from this type of fraud and attacks using QR codes, INCIBE makes the following recommendations:

· If you have a business that uses QR codes, check regularly that they have not been changed or modified by third parties.

· Use a QR code generator or a service that offers sufficient security guarantees regarding the generation of QR codes, the correct link to the service, etc.

· Check that the QR code redirects to the indicated page , that is, that it points to the page or service that it claims to point to. For this we will use reading "apps" that allow us to consult the URL before opening it.

· Disable automatic link opening when scanning a QR code. In this way you can check the address to which the code links.

· Check that the URL is from a trustworthy site and matches the one indicated in the letter, leaflet or advertisement.

· In the case of using QR codes that facilitate access to certain transport, leisure or reserved areas services, do not disclose the QR code through social networks as you could be the victim of fraudThe dangers of QR codes: spoofing, malware and session hijacking.

 technologyify          worldbeautytips          technologyford        techiesin    blog4techies

 

Popular Posts