Google tool accidentally makes bypassing phishing filters a breeze

A researcher has discovered a quirk in the way Google App Engine handles subdomains that could allow scammers to conduct email phishing campaigns undetected.

In legitimate scenarios, Google App Engine is used to develop and host web applications. However, according to security researcher Marcel Afrahim, the cloud-based platform can also be abused to bypass security controls and funnel victims to malicious landing pages.

The issue lies in the way the platform generates subdomains and routes visitors. By setting up a raft of invalid subdomains, all of which redirect automatically to a central malicious application, attackers can conceal their activity with ease.

Email phishing

Traditionally, security professionals shield users from malicious applications by identifying and blocking requests to and from dangerous subdomains. However, the way Google App Engine generates subdomain URLs makes this process much more challenging.

Each subdomain created using the platform contains a marker that indicates the app version, service name, project ID and region ID. But if any of these pieces of information is invalid - providing the project ID is correct - the subdomain redirects automatically to a default page instead of serving a 404 error message.

This practice, known as soft routing, could allow scammers to create a vast pool of subdomains, all of which lead to a single malicious landing page. The attempts of security professionals, meanwhile, are hindered by the sheer volume of subdomains that lead to the dangerous page.

“Requests are received by any version that is configured for traffic in the targeted service. If the serving that you are targeting does not exist, the request gets soft routed,” explained Afrahim.

“If a request matches the PROJECT_ID.REGION_ID.r.appspot.com portion of the hostname, but includes a service, version or instance name that does not exist, then the request is routed to the default service, which is essentially your default hostname of the app.”
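The routing rule quoted above is also what makes the defensive fix tractable: every generated hostname still carries the one project ID that the request is soft-routed to. As an added example (not code from the article, from Afrahim, or from Google), the Python below normalises App Engine hostnames back to that project ID and flags projects reached through many distinct hostnames, so a blocklist or detection rule can key on the project rather than on each generated name. It assumes the `-dot-` separator App Engine uses for version and service prefixes, the public project-ID naming rules, and a constructed set of sample URLs with placeholder project IDs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# App Engine project IDs: 6-30 chars of lowercase letters, digits and hyphens,
# starting with a letter (assumed from public naming rules, not from the article).
PROJECT_RE = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")

def parse_appspot(hostname):
    """Split a *.REGION_ID.r.appspot.com hostname into project, region and the
    version/service/instance components joined by "-dot-" (App Engine's
    separator; an assumption, not quoted in the article). None if not App Engine."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) != 5 or labels[2:] != ["r", "appspot", "com"]:
        return None
    components = labels[0].split("-dot-")
    project = components[-1]
    if not PROJECT_RE.fullmatch(project):
        return None
    return {"project": project, "region": labels[1], "prefix": components[:-1]}

def cluster_by_project(urls):
    """Map each project ID to the distinct hostnames that soft-route to it."""
    seen = defaultdict(set)
    for url in urls:
        host = urlsplit(url).hostname or ""
        info = parse_appspot(host)
        if info:
            seen[info["project"]].add(host)
    return seen

def flag_hostname_spray(urls, threshold=3):
    """Projects reached through at least `threshold` distinct hostnames: many
    unique hostnames for one project ID is the soft-routing pattern the article
    describes, and blocking on the project ID covers every variant at once."""
    return {p: sorted(h) for p, h in cluster_by_project(urls).items()
            if len(h) >= threshold}

# Constructed sample of proxy-log URLs; the project IDs are placeholders.
SAMPLE_URLS = [
    "https://a1b2-dot-login-dot-example-phish-app.uc.r.appspot.com/signin",
    "https://zz9-dot-example-phish-app.uc.r.appspot.com/signin",
    "https://mail-dot-secure-dot-example-phish-app.uc.r.appspot.com/",
    "https://example-phish-app.uc.r.appspot.com/",
    "https://v3-dot-example-legit-app.ew.r.appspot.com/api",
    "https://www.example.com/",
]
```

Run over real proxy or DNS logs, the same clustering turns a list of thousands of generated hostnames into a handful of project IDs to review.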

According to security researcher Yusuke Osumi, the vulnerability identified by Afrahim is already being exploited in the wild.

The researcher tweeted a list of more than 2,000 subdomains - generated automatically using Google App Engine’s domain generator - all of which led to a phishing landing page disguised as a Microsoft sign-in portal.

Google has not yet responded to our request for comment on what might be done to address the vulnerability.

Via Bleeping Computer

Date

21 Sep 2020



