Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/29/2019
09:00 AM

9 Things That Don't Worry You Today (But Should)

There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
9 of 10

QR Codes
Do you know where that QR code is going? Really? Between URL shorteners, malicious URL obfuscators, and automatic media openers, it can be a very short step from scanning a QR code to launching malware on a smartphone attached to the enterprise network.
Nick Guarino, a researcher with CoFense, writes that QR codes have been used in phishing emails as a way to keep recipients from seeing the URL of a malicious link. Once scanned, the phishing site opens and, having been launched through a respectable-looking QR code, victims are more likely to provide information requested and give up sensitive information.
Although QR codes can be convenient, and may even be part of marketing campaigns, security teams should encourage users to treat them as suspicious when they come in unexpected forms, such as email or messenger messages.
(Image Source: Mihail via Adobe Stock)

QR Codes

Do you know where that QR code is going? Really? Between URL shorteners, malicious URL obfuscators, and automatic media openers, it can be a very short step from scanning a QR code to launching malware on a smartphone attached to the enterprise network.

Nick Guarino, a researcher with CoFense, writes that QR codes have been used in phishing emails as a way to keep recipients from seeing the URL of a malicious link. Once scanned, the phishing site opens and, having been launched through a respectable-looking QR code, victims are more likely to provide information requested and give up sensitive information.

Although QR codes can be convenient, and may even be part of marketing campaigns, security teams should encourage users to treat them as suspicious when they come in unexpected forms, such as email or messenger messages.

(Image Source: Mihail via Adobe Stock)

9 of 10
Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
edshawn61
50%
50%
edshawn61,
User Rank: Apprentice
7/29/2019 | 6:43:43 PM
Great job
Your take on this topic is very interesting!
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff 9/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I wish they'd put a sock in it.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16691
PUBLISHED: 2019-09-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-16707
PUBLISHED: 2019-09-23
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
CVE-2019-16708
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16710
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.