Public Warning.
If you EVER, and I do mean EVER see a QR code for anything... not just some things, ANYTHING.
Treat it as a scam, do not scan it, they can easily be covered up with malicious redirects to fake sites to steal your financial details. Direct you to malware sites to try and infect your device.
Treat them all the same... as toxic, potential harmful to your identity and security.
Never trust them... EVER!!!
If you 100% must use one, do what you should be doing at any (ATM) cash machine, check for devices that have been installed by crooks. See if you can peel the code off, not just at the area around the code, but the whole sign... look for anything unusual and if you have any doubts... even if it's 1% doubt... DON'T USE IT
This isn't scaremongering, scammers and thieves are out there every day, placing fake QR codes on signs all over the place. No where is safe from them. The way to win is not to play. Don;t buy into the enshitification of everything, don;t be told that you can ONLY do it one specific way (legally they have to offer more than one way to pay for a service).
Please boost and spread the word.
๐จ Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:
โ ๐ ๐ Tracking Unauthorized Access to #Okta's Support System
โ ๐ ๐ฏ๐ต #Casio discloses #databreach impacting customers in 149 countries
โ ๐ ๐งฌ Hacker leaks millions more #23andMe user records on #cybercrime forum
โ ๐ ๐จ๐ณ D-Link confirms data breach after employee #phishing attack
โ ๐ ๐ฐ #Equifax Fined $13.5 Million Over 2017 Data Breach
โ ๐บ๐ฆ ๐งน Ukrainian activists hack Trigona #ransomware gang, wipe servers
โ ๐บ๐ธ ๐ฐ๐ต FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
โ ๐ฎ๐ณ โ๏ธ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
โ ๐ต๐ธ ๐ฎ๐ท #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
โ ๐ฎ๐ปโโ๏ธ ๐ฅท๐ป Police seize #RagnarLocker leak site
โ ๐ฐ๐ต North Korean Hackers Exploiting Recent #TeamCity Vulnerability
โ ๐จ๐ณ ๐ท๐บ #China replaces #Russia as top #cyberthreat
โ ๐บ๐ฆ ๐ก CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
โ ๐ซ๐ท ๐ช๐ธ #France frees the two biggest Spanish hackers
โ ๐บ๐ธ โ๏ธ Ex-Navy IT head gets 5 years for selling peopleโs data on #darkweb
โ ๐จ๐ญ ๐ณ๏ธ #Switzerlandโs e-voting system has predictable implementation blunder
โ ๐ ๐ญ Critical Vulnerabilities Expose โโ#Weintek HMIs to Attacks
โ ๐ ๐ญ #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
โ ๐ฆ ๐ป๐ณ Fake #Corsair job offers on #LinkedIn push #DarkGate malware
โ ๐ฆ Google-hosted #malvertising leads to fake #Keepass site that looks genuine
โ ๐ฆ ๐ฌ #Discord still a hotbed of #malware activity โ Now APTs join the fun
โ ๐ฆ ๐ต๐ปโโ๏ธ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
โ ๐๏ธ ๐ฆ #Android will now scan sideloaded apps for malware at install time
โ ๐ฌ ๐ #WhatsApp #passkeys on the way, but as usual, for Android first
โ ๐ท๐บ ๐๏ธ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
โ ๐๏ธ โ Signal Pours Cold Water on Zero-Day Exploit Rumors
โ ๐ ๐ฅ #Cisco warns of new #IOS XE #zeroday actively exploited in attacks
๐ This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end โฌ๏ธ
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-422023