Beware this ongoing password-stealing email hack — here’s everything you need to know about the dangerous blob URI attacks.
It might sound like an old B-movie horror film, but the blob is very real and very scary nonetheless. With email increasingly, anything that combines the two things is a security nightmare. Welcome to the very dark and dangerous world of email blob attacks that will compromise your passwords.
Threat intelligence experts have been monitoring a new threat to email users, and specifically their passwords, for some time now. That threat comes by way, as is nearly always the case, of a legitimate internet technology. Using Blob URIs to distribute phishing pages that can steal user credentials by way of email inboxes is proving to be something of a hacker’s friend.
“Blob URIs are generated by a browser to display and work with temporary data that only that browser can access,” Jacob Malimban, a member of the Cofense Intelligence Team,. By way of an example, you will find services such as YouTube storing videos temporarily within a browser using blob URIs. The advantage of a blob is that only the browser that generated it can access it. That’s the good news. The disadvantage of a blob is that only the browser that generated it can access it.
“Because the data is local to a client browser,” Malimban explained, “blob URIs cannot be directly accessed over the internet like usual websites.” Which means that the ultimate password-stealing phishing page is not accessible over the internet like other malicious sites, “because the blob URI used to visit it is generated locally.
Although it’s important to remember that these blobs can be used for legitimate purposes, if you get an email which includes a link to a site where the address bar has either “blob:http://” or “blob:https://” at the start, you should be on high alert for a potential phishing attack. According to Malimban, multiple campaigns are currently using the blob URI attack methodology.
Email Attack Email Warning Blob Cofense Email Security Warning Blob Hackers Phishing Password Hack URI
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
New Gmail Warning — Do Not Open This Email From GoogleThis Gmail attack bypasses Google’s own security checks.
Read more »
New Gmail Warning — Do Not Open This Email From GoogleThis Gmail attack bypasses Google’s own security checks.
Read more »
New Gmail Upgrade — Millions Of Email Users Now At Risk Of AttackThis new Gmail security feature could put millions of email users, whether they use Gmail or not, at risk of attack.
Read more »
New Gmail Feature Leaves Millions Of Email Users Open To AttackThis new Gmail security feature could put millions of email users, whether they use Gmail or not, at risk of attack.
Read more »
The attack on Gov. Josh Shapiro is an attack on PennsylvaniaIt is plain that antisemitism bubbles along just under the surface in Pennsylvania.
Read more »
Attack on Titan: The Last Attack Sets Streaming Date (& It’s Sooner Than You Think)Attack on Titan: The Last Attack's movie has hit theaters, but for fans wishing to stream it from home, the good news, you won't be waiting long, or at all.
Read more »