News for October 3, 2022


Browser Based App Phishing
by Artie Kaye

A new method for phishing has been discovered.  Chromium based browsers have a function called Application Mode.  This allows the browser to launch a webpage in another window.  The new window can be made to look like a regular program launched from the desktop, removing the address bar, even displaying a new icon different from the browser.  Using this function to bring up a login page could fool some users into thinking that it is a legitimate portal.  The good and bad news of this attack vector is that it requires a machine that is already compromised to work. 

https://mrd0x.com/browser-in-the-browser-phishing-attack/

https://www.bleepingcomputer.com/news/security/web-browser-app-mode-can-be-abused-to-make-desktop-phishing-pages/

TD Bank Data Breach
by Artie Kaye

A former employee accessed client data to use for fraudulent purposes.  The data accessed contained information such as date of birth, social security number, address, full name; all things one would need to commit fraud in someone’s name.  The bank has made remunerations to its customers.  It is a good practice to check your account information every couple weeks to make sure there are no suspicious transactions.  If there are suspicious transactions, call your bank to discuss or report them.

https://ago.vermont.gov/blog/2022/09/28/td-bank-data-breach-notice-to-consumers/

https://www.bleepingcomputer.com/news/security/td-bank-discloses-data-breach-after-employee-leaks-customer-info/