A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.
The U.S. financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is https://www.xn--meripris-mx0doj[.]com [brackets added to defang the domain], which displays in the browser URL bar as ạmeriprisẹ[.]com.
Have a look at the Punycode in this Disneyland Team phishing domain: https://login2.xn--mirtesnbd-276drj[.]com, which shows up in the browser URL bar as login2.ẹmirạtesnbd[.]com, a domain targeting users of Emirates NBD Bank in Dubai.
Here’s another domain registered this year by the Disneyland Team: https://xn--clientchwb-zxd5678f[.]com, which spoofs the login page of financial advisor Charles Schwab with the landing page of cliẹntșchwab[.]com. Again, notice the dots under the letters “e” and “s”. Another Punycode domain of theirs sends would-be victims to cliẹrtschwạb[.]com, which combines a brand misspelling with Punycode.
Read more: https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/
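As an added example (not from the original post or the linked article), the sketch below decodes the `xn--` labels quoted above and flags any label that renders with non-ASCII characters yet reduces to a protected brand name once its diacritics are stripped. The brand watchlist and the function names are assumptions made for this illustration.

```python
import unicodedata

# Assumed watchlist, built from the brands named in the post above.
BRANDS = {"ameriprise", "emiratesnbd"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label (xn-- labels carry Punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label for review
    return label

def skeleton(text: str) -> str:
    """Decompose with NFKD and drop combining marks such as the dot below."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_host(host: str, brands=BRANDS) -> dict:
    """Decode a (possibly defanged) hostname and list brand lookalike labels."""
    labels = host.replace("[.]", ".").rstrip(".").split(".")
    decoded = [decode_label(label) for label in labels]
    hits = []
    for raw, uni in zip(labels, decoded):
        skel = skeleton(uni)
        # Lookalike: not plain ASCII, but identical to a brand without marks.
        if not uni.isascii() and skel in brands:
            hits.append({"label": raw, "renders_as": uni, "imitates": skel})
    return {"unicode_host": ".".join(decoded), "lookalikes": hits}

# Hostnames quoted in the post above (kept defanged), plus the genuine domain.
SAMPLES = [
    "www.xn--meripris-mx0doj[.]com",
    "login2.xn--mirtesnbd-276drj[.]com",
    "ameriprise.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_host(sample))
```

Stripping combining marks only catches diacritic-based lookalikes like the ones in this post; cross-script homoglyphs (for example a Cyrillic "а") do not decompose to Latin letters and need a confusables table instead.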
Responsible disclosure is broken.
In this article we take a look at some of the problems and a few alternative methods for solving some of the issues using #web3 concepts and constructs. Special thanks to my coauthors Cameron Kownack & Isac Artzi.
https://magazines.isc2.org/pages/2022/2022-11/beyond-the-bounty/
How do you evaluate and select security vendors? While it seems like vendor selection processes are like snowflakes, should we all do it our own unique way?
In this great article by Deb Radcliff including input from several of us with different perspectives, you can learn about best practices, while also gaining an understanding of a significant gap that exists in the area of relevant frameworks to enable intelligent vendor and product selection.
Thanks to Deb Radcliff, CSO Online, and the other contributors for the excellent article capturing the current state of security vendor selection.
Join in the discussion by sharing your thoughts, perspectives, and best practices in the comments.
An employee of Deloitte's India office has been found to be the mastermind of a computer #hacking gang that targeted British businesses.