@b33fpebble @jnbhlr @yassie_j personally, I think that tools like https://enpass.io work well in that they offer #AutoFill only on legitimate or rather known domains, so #Typosquatting-based #Phishing doesn't work.
Plus they don't do fully-automatic auto-filling but rather expect the user to choose the credentials in an overlay offered by the extension.
So it's not as if one can provoke logins just with an HTTP(S) request.
Even then #Enpass still demands one to enter a Password or PIN.
Typo: emails for the US military went to a Mali domain | heise online https://www.heise.de/news/Tippfehler-Mails-fuers-US-Militaer-gingen-an-Mali-Domain-9220155.html #TypoSquatting
Security (b)log: Alphabets
#Homoglyphs look very much alike, but #typosquatting is a more realistic threat.
News from the big bad world: much cryptocurrency stolen | different kinds of 2FA | criminals love Telegram | lots more
Security (b)log: Alphabets
Two drops of water look very much alike, yet they can still differ from each other. The same goes for letters, for example when they come from different alphabets. The Security (b)log explains #homoglyphs and #typosquatting.
In the big bad outside world, a lot of cryptocurrency is being stolen, there are various flavours of 2FA, and criminals swear by Telegram.
A few months ago @ggdaniel wrote about an easy way to generate regular expressions from a word list using the Trieregex library. I've decided to put together a couple of examples where this approach fits really well: #typosquatting and #dataleaks https://link.medium.com/1DIHrNr8Yyb
This Week in Security: USB Boom! Acropalypse, and a Bitcoin Heist https://hackaday.com/2023/03/24/this-week-in-security-usb-boom-acropalypse-and-a-bitcoin-heist/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #typosquatting #Acropalypse #News #usb
This Week in Security: USB Boom! Acropalypse, and a Bitcoin Heist - We’ve covered a lot of sketchy USB devices over the years. And surely you know by ... - https://hackaday.com/2023/03/24/this-week-in-security-usb-boom-acropalypse-and-a-bitcoin-heist/ #thisweekinsecurity #hackadaycolumns #securityhacks #typosquatting #acropalypse #news #usb
#Security Short - about the infection method #typosquatting - what it is and how it works - #cybersecurity #howto #jfrog #research #cyberdefense #devsecops https://youtu.be/V63krIYfOG0
Package manager #PyPI: 451 packages try to steal cryptocurrency | heise online https://www.heise.de/news/Paketmanager-PyPI-451-Pakete-versuchen-Kryptowaehrung-zu-stehlen-7494743.html #Typosquatting #cryptocurrency #cryptocurrencies #Chromium #ChromiumExtension #MicrosoftEdge #GoogleChrome #OperaBrowser #Opera #Brave #BraveBrowser #python
Latest attack on PyPI users shows crooks are only getting better - More than 400 malicious package... - https://arstechnica.com/?p=1917705 #coderepositories #typosquatting #biz #pypi
Ars Technica: Latest attack on PyPI users shows crooks are only getting better https://arstechnica.com/?p=1917705 #Tech #arstechnica #IT #Technology #coderepositories #typosquatting #Biz&IT #pypi
#InfoSec FYI: There's a massive #typosquatting campaign targeting PyPI. Someone's clearly reached the automation section of "Black Hat Python" 🙄
This is the same actor as highlighted by Phylum yesterday - currently they're pushing a cryptostealer everywhere they can, but who knows what's next.
Recently, they've started typosquatting the following packages (& showing example typosquat):
* xlsxwriter (ex. xlsxwwriter)
* urllib3 (rllib3)
* simplejson (simplejsn)
* requests-toolbelt (requests-toollbelt)
* discord-webhook (disocrd-webhook)
* discord-py (discod-py)
* websocket-client (weebsocket-client)
* openpyxl (oepnpyxl)
* pillow (pilloow)
* click (clickk)
* pysocks (ysocks)
* psutil (psuil)
* gitpython (gitpythn)
* pycodestyle (pycodestye)
* prompt-toolkit (prompt-toolkiit)
* beautifulsoup (baeutifulsoup)
Reports headed out to PyPI soon.
If your company uses your own PyPI mirror, I'd recommend disallowing new packages released within the past ~week (as a general precaution, tbh).
📬 This small mistake lets hackers intercept your emails
#Hacking #Mailsabfangen #personenbezogeneDaten #Polizei #SebastianBicchi #SecResearch #Tippfehler #Typosquatting https://tarnkappe.info/artikel/hacking/durch-diesen-kleinen-fehler-koennen-hacker-deine-mails-abfangen-264367.html
"This week Dr. Doug discusses: Empathy, #hacking back, #typosquatting, #Bitwarden, Lexmark, Exchange, Russians, Iranians, Dragonbridge, Derek Johnson talks about Hive and more on the Security Weekly News."
Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive - SWN #269
#security #news #hacking #typosquatting #bitwarden
RT @hpsecurity@twitter.com
🚨We’ve spotted several convincing #malvertising campaigns using paid adverts and #typosquatting to trick users into downloading #VidarStealer and #IcedID – read more in our latest blog: http://ow.ly/iKov50MtK47
🐦🔗: https://twitter.com/hpsecurity/status/1615687631341342720
Surely you have at some point made a mistake typing the URL into the browser... #typosquatting
New post on the blog. In this one, we explain what the #Typosquatting technique consists of, what variations we may encounter, how to detect it and which tools to use for that.
https://phylum.io identified possible #typosquatting campaign gearing up on #pypi. 17 #python packages published, but currently seem to be benign. Includes things like asyncoi, twien and pynalc
#typosquatting #pypi #python #infosec #tech #malware