Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Malvertising  by Technical Support Scammers! Be alert Mac Users!

By pretending to be operators of the Apple Technical support, scammers are targeting Mac users this time. Scammers are running an aggressive malvertising campaign by tracing the traffic of the Mac users.

A senior security researcher named Jerome Segura from Malwarebytes said that These scams have been done by aggressive malvertising instead of cold calls”.

Mac users have been targeted by this malvertising campaign in which they browse “lower-quality websites”. These websites has been used by technical support scammers to hijack the user’s traffic by host the malicious scripts or attack codes that are able to exploit vulnerabilities in the browser.

In this campaign scammers use a website with a URL, which was almost identical to the one used by Apple to provide technical support to their users. Scammers have use “ara-apple.com” instead of “ara.apple.com". It allows its customers to share the desktop remotely with the scammers.

With this strategy technical support scammers sends the fake warnings on the user’s computer like “your PC is at risk “or “Boost up your PC”.These messages propose a telephone number to call for support which will be of the scammer. From this case we can say that tech support scammers are utilizing more complicated ways to target their victims by social engineering.

The scammers also use the fake domain to process payments, but when researchers gave  a look to the ‘Secure Payment’ page implemented by technical support scammers, they found that process uses the HTTP protocol instead HTTPs. After that experts reported about this campaign to GoDaddy and the hosting provider Liquid Web to allow the shutdown of the fake websites.

So be careful from these types of pop-ups and websites!

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.