Wednesday, September 20, 2017

Tag: Google Analytics

A simple URL tweak using a Latin character redirects unwitting users to a scam site.

Google Analytics is the latest target for cyber-spammers.

Canadian firm Analytics Edge early this month spotted a fake search engine appearing on Google's data service as "secret.ɢoogle.com."

But don't confuse the familiar-looking link—which was accompanied by a message to "Vote for Trump"—with the authentic site.

Navigate to the address and you'll be redirected to "xn--oogle-wmc.com," which, in turn, brings you to a lengthy URL featuring the lyrics to Pink Floyd's "Money."

Based on a screenshot published by BGR—which was brave enough to click on the spammy link—the bizarre site offers instructions for use, as well as a message from Russian scammer Vitaly Popov, congratulating "all Americans" and President-elect Donald Trump.

Demonstrating how easy it is for hackers to register counterfeit domain names in an attempt to phish for personal data, Popov tweaked the Google.com URL ever so slightly: the leading "G" is not the traditional capital letter, but instead a Latin Letter Small Capital G (Unicode character U+0262).

With only a quick glance, the change is nearly indistinguishable.
It's unlikely, though, that Popov's spurious site will do any harm to visitors; according to BGR, the Russian native considers his scams "creative marketing."

Still, folks should stay away from ɢoogle.com (with a little "G"), and remember to keep a close eye on other URLs (particularly those connected to financial institutions or social networks) in the future.
Similar letter tweaks could lead to more harmful sites.

Google did not immediately respond to PCMag's request for comment.

As Analytics Edge points out, international characters are slowly creeping into domain names, in an attempt to allow folks to create URLs in their native language.
Some enterprising cybercrooks, however, are using the feature for bad instead of good.

"Expect to see a sharp increase in phishing until the general public catches on," company founder Mike Sullivan wrote in a recent blog entry.
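A check that a log pipeline or mail gateway could run on hostnames like the one described above, as an added example that is not part of the original article: it decodes `xn--` labels, names every non-ASCII character, and compares an ASCII-folded form against a watchlist. The `PROTECTED` set, the one-entry `CONFUSABLES` map and the function names are constructed for illustration.

```python
import unicodedata

# Constructed watchlist of brand labels to protect (assumption, not from the article).
PROTECTED = {"google"}

# One-entry constructed look-alike map; a real deployment would load the
# Unicode confusables data (UTS #39) instead of this table.
CONFUSABLES = {"\u0262": "g"}  # LATIN LETTER SMALL CAPITAL G


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (Punycode) labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label


def skeleton(label):
    """Fold a label to an ASCII look-alike form for comparison with PROTECTED."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return unicodedata.normalize("NFKC", folded).lower()


def inspect_host(host):
    """List labels containing non-ASCII characters and the brand each imitates."""
    findings = []
    for raw in host.rstrip(".").split("."):
        label = decode_label(raw)
        odd = [ch for ch in label if ord(ch) > 127]
        if not odd:
            continue
        folded = skeleton(label)
        findings.append({
            "label": label,
            # The form that appears in DNS queries, certificates and proxy logs.
            "ascii_form": "xn--" + label.encode("punycode").decode("ascii"),
            "chars": [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}" for c in odd],
            "imitates": folded if folded in PROTECTED else None,
        })
    return findings


if __name__ == "__main__":
    for host in ("secret.xn--oogle-wmc.com", "www.google.com"):
        print(host, inspect_host(host))
```

Both the Unicode spelling and its `xn--` form produce the same finding, so the check works whether the log source records hostnames before or after IDNA encoding.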

An update for python-django is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this issue.

Red Hat OpenStack 6.0 for RHEL 7

SRPMS:
python-django-1.6.11-6.el7ost.src.rpm

x86_64:
python-django-1.6.11-6.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el7ost.noarch.rpm
python-django-doc-1.6.11-6.el7ost.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this issue.

Red Hat OpenStack 5.0 for RHEL 7

SRPMS:
python-django-1.6.11-6.el7ost.src.rpm

x86_64:
python-django-1.6.11-6.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el7ost.noarch.rpm
python-django-doc-1.6.11-6.el7ost.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this issue.

Red Hat OpenStack 5.0 for RHEL 6

SRPMS:
python-django-1.6.11-6.el6ost.src.rpm

x86_64:
python-django-1.6.11-6.el6ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el6ost.noarch.rpm
python-django-doc-1.6.11-6.el6ost.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: