New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.

The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely used Content Distribution Network (CDN) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77.

In brief, a Content Distribution Network (CDN) is a geographically distributed group of servers that sit between the origin server of a website and its visitors to optimize the performance of the website.

images from Hacker News

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately.

Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their users.

Discovered by ESET security researcher Lukas Stefanko, these adware Android applications were developed by a Vietnamese university student, who was easily tracked, likely because he never bothered to hide his identity.

Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020

Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come.

All major United States mobile phone carriers, including AT&T, Verizon, T-Mobile, and Sprint, have joined forces to launch a new initiative that will replace SMS with the RCS mobile messaging standard.

What’s more? The initiative is also working with its carrier ownership group and other companies to develop and deploy the new RCS standard in a new text messaging app for Android phones that is expected to be launched in 2020.

The goal of this joint venture, dubbed the Cross Carrier Messaging Initiative (CCMI), is to deliver the GSMA’s Rich Communications Service (RCS) industry standard to consumers and businesses on each of the four carriers, both in the United States and globally.

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.

Note that hackers haven’t found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high-profile websites through legit ad networks.

But rather than relying on visitors’ willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users’ sessions as possible.
