• Phishing emails using SVG attachments to help get away with attac

    From TechnologyDaily@1337:1/100 to All on Tuesday, November 19, 2024 12:15:05
    Phishing emails using SVG attachments to help get away with attacks

    Date:
    Tue, 19 Nov 2024 12:03:00 +0000

    Description:
    Weaponized SVG attachments are not being recognized as malicious, resulting
    in victims being served phishing scams and malware.

    FULL STORY ======================================================================Security
    researchers spotted phishing emails with SVG attachments The nature of SVG files allows them to bypass email protections Common sense remains the best way to defend against phishing

    Hackers are always looking for new ways to sneak phishing emails into peoples inboxes, and it seems SVG attachments are the next big thing.

    Security researchers recently posted about SVG attachments on Twitter, claiming their nature allows them to bypass email protections and land malicious content in victim's inbox.

    For the uninitiated, SVG is short for Scalable Vector Graphics - its a lossless image format used all across the web, especially for content that is designed to be viewed on screens of different sizes. Images are not created with pixels, but rather with XML-based code which defines graphics. Since images are built with code, they cannot be analyzed by antivirus programs in the traditional sense of the word. As a result, many bypass current protections. Fake Excel

    According to MalwareHunterTeam, some cybercriminals found a way to abuse this fact. One of the examples was creating a fake Excel spreadsheet with SVG
    which allows people to submit different content (mostly login credentials and other valuable information).

    Even if email security solutions providers find a way to defend against SVG-borne email attacks, crooks will only find another attack avenue.

    Therefore, relying exclusively on software to protect your inbox against
    these threats is super risky. Instead, experts suggest humans be put in the proverbial trenches - using common sense, spotting phishing emails, and
    acting accordingly (reporting and deleting the email immediately) remains the best form of defense.

    Another way crooks can bypass email protection in phishing attacks is through the use of QR codes.

    Since these come in .JPG or similar image formats, they rarely get scanned
    for malice. Furthermore, QR codes in emails usually force victims to bring up their mobile devices, which are rarely as secure as desktop devices, increasing the chances of infection or data loss.

    Via BleepingComputer You might also like Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/phishing-emails-using-svg-attachments-t o-help-get-away-with-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)