Latest news with #Sites
Yahoo
14-05-2025
- Science
- Yahoo
Local students awarded with Frank G. Paul Medal of Excellence
(BINGHAMTON, N.Y. (WIVT/WBGH) – An Afton woman is keeping her parents' legacy alive by awarding local students who excel in math and science. Seniors from high schools in Broome, Chenango, and Tioga Counties were honored for their academic excellence on Tuesday at SUNY Broome. The top students in math and science at each school were given a $1,000 per year scholarship and a medal for their achievement. This is the 24th year of the scholarship, which was established by Francis and Lillian Paul. Francis was an IBM employee who believed everyone should have access to education regardless of their financial circumstances. He passed away in 1996. The awards are given out each year by their daughter, Becky Komorowski. 'My heart is just full of love, and I really wish they were here. I really do. I brought a picture of them, and it's up on the front, and I'm just really proud to be able to speak for my family,' said Komorowski. Komorowski says she hopes the scholarship encourages students to continue doing their best, Students who attend first SUNY Broome will receive the $1,000 scholarship for all four years of college, should they go on to pursue a bachelor's degree. Komorowski says she took the scholarship over from her parents, and her daughter plans to continue handing it out after she is no longer able to. Real Heroes Breakfast honors community members for their bravery UHS receives $3.9 million grant as it continues pursuit of nursing excellence Community prepares for 15th annual Sacred Sites tour NYS awards $86M to arts and culture nonprofits throughout state Local students awarded with Frank G. Paul Medal of Excellence Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
The Journal
14-05-2025
- Business
- The Journal
Dublin building collapse example of why derelict site levy should rise, says councillor
THE COLLAPSE OF a derelict building in Dublin city centre is a sign that the government must increase the derelict site levy, according to Dublin City Green Party councillor Hazel Chu. The vacant building, which is located across the road from the Grand Canal in Dublin 6, partially collapsed this week, resulting in Dublin Fire Brigade having to attend the scene to make it safe. Speaking to The Journal , Chu said she was very frustrated about the incident, stating that some years ago in 2021 she tried to get the site rezoned for mixed use residential and commercial, but the proposal was rejected. Advertisement Instead, it remained for commercial use only. The building was placed on the vacant sites register in 2023. Planning permission for the site was obtained in 2024, but no work had begun on the site prior to its collapse, she said. While the 7% derelict site levy was applied in 2023, it is clearly not enough to encourage the development of sites, Chu said. Each local authority keeps a Derelict Sites Register which includes the sites subject to an annual levy of 7% of its market value for being in a 'ruinous, derelict, dangerous or neglected condition' . Related Reads Shared equity scheme gets two more years - but Sinn Féin says it will 'make things worse' RPZ changes will have 'significant impact' says Minister, who claims he understands renters' fears Government missed its target of social housing by about 18% (or 2,345 homes) last year The levy continues to apply until the site is no longer deemed derelict 'It is clearly not enough in terms of applying to derelict sites around the city,' she said, adding that the government is literally 'letting buildings fall down before we actual move to do something about them,' said the former Lord Mayor of Dublin. She also questioned why some sites were being zoned for commercial use and not residential in the middle of a housing crisis. Chu has suggested higher levies could apply for larger developers who have an ability to pay higher rates and who leave sites vacant. Readers like you are keeping these stories free for everyone... A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation. Learn More Support The Journal
New York Post
07-05-2025
- New York Post
Tech expert warns of ‘extremely sophisticated' new Gmail scam claiming to be from ‘law enforcement'
It's a digital wolf in sheep's clothing. Phishing messages are becoming nearly indistinguishable from the real deal. Now, techsperts are warning of a super 'sophisticated' Google spoofing scheme in which cybercriminals use legitimate-looking Gmail communications to hijack user accounts. Nick Johnson, the lead developer of Ethereum Name Service (ENS), brought this digital Trojan Horse to light in a series of X posts. Advertisement 'Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here,' he wrote while describing the chameleonic scheme. 'It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more.' In this case, the phishing scam was disguised as an official request by law enforcement. 3 To make things more confusing, the email (pictured) originated from an official no-reply on Google's domain. @nicksdjohnson/X Advertisement 'This notice is to alert you that a subpoena was issued to Google LLC by a law enforcement that seeks retrieval of information contained in your Google account,' it read, per a screenshot of the message. 'To examine the case materials or take measures to submit a protest, please do so in the provided Google Support Case.' Upon clicking on 'upload additional documents' or 'view case,' the user is taken to a sign-in page to input their credentials, whereupon bad actors will presumably use them to commander their account. 'I haven't gone further to check,' Johnson noted. 3 Hackers trick people into inputting the credentials, which they then use to compromise their Gmail accounts. issaronow – Advertisement The correspondence was particularly insidious as it linked to a very convincing 'support portal' page. The cyberspoofers also used Google Sites — a free web-based platform for creating websites without needing coding skills — 'because they know people will see the domain is and assume it's legit,' said Johnson. To make things more confusing, the email originated from an official no-reply on Google's domain and was filed 'in the same conversation as other, legitimate security alerts,' the tech whiz warned. 3 In light of the incident, Johnson is calling on Google to disable scripts and arbitrary embeds in Sites to make Gmail less susceptible to phishing. Backcountry Media – Advertisement How did the hackers manage to fly under the radar? Johnson pointed to 'two vulnerabilities in Google's [infrastructure] that they have declined to fix.' He wrote that the legacy product dates back to 'before Google got serious about security,' and allows anyone to host content on a subdomain, including nefarious embeds and scripts such as the above. 'Obviously, this makes building a credential harvesting site trivial; they simply have to be prepared to upload new versions as old ones get taken down by Google's abuse team,' Johnson said. Fortunately, there are a few ways to suss out this masquerade. For one, while the header is signed by it is sent via and sent to the address 'me@blah,' the cybersecurity maven wrote. Also suspect, per Johnson is that there is 'a lot of whitespace' below the phishing message 'followed by 'Google Legal Support was granted access to your Google Account' and the odd me@… email address again.' Advertisement In light of the incident, Johnson is calling on Google to disable scripts and arbitrary embeds in Sites to make Gmail less susceptible to phishing. The Post has contacted Google for comment.
Arabian Post
29-04-2025
- Arabian Post
Gmail Users Exposed in Sophisticated DKIM Replay Phishing Attack
A recent and highly sophisticated phishing campaign has exposed a critical vulnerability within Google's infrastructure, placing Gmail users at significant risk. The attack, identified by Nick Johnson, lead developer of the Ethereum Name Service , demonstrates how cybercriminals can exploit Google's own systems to deliver deceptive emails that appear to originate from legitimate Google sources. Johnson received an email that seemed to be a standard security alert from Google, notifying him of a subpoena allegedly issued by law enforcement concerning his Google account. The email included a link directing him to a page hosted on which closely mimicked Google's official support portal. Upon closer inspection, Johnson noted that the URL should have been raising suspicions about the email's authenticity. The attackers leveraged Google's Sites platform to host these fraudulent pages, exploiting the trust users place in Google's domains. By using which allows any user to create web pages, the phishing pages appeared credible and bypassed many security filters. This tactic is particularly effective because the domain seems trustworthy to most users and can circumvent standard email authentication protocols. A critical component of this attack is the abuse of the DomainKeys Identified Mail protocol. DKIM allows the sending server to attach a digital signature to an email, verifying its authenticity. In this case, the attackers exploited a loophole where DKIM-signed messages retain their signature during replays, provided the email body remains unchanged. This means that if a malicious actor obtains a previously legitimate DKIM-signed email, they can resend it without modification, and it will still pass authentication checks. The attackers executed a multi-step process to exploit this vulnerability: 1. They created a Gmail account with an address starting with 'me@', making the email appear as if it was addressed to 'me,' a common shorthand in Gmail interfaces. 2. They registered a Google OAuth application, naming it to match the phishing link. 3. They granted the OAuth app access to their Google account, triggering a legitimate security warning from [email protected]. 4. This alert, containing the content of the phishing email embedded in the app name, had a valid DKIM signature. 5. They forwarded the message untouched, preserving the DKIM signature's validity. By embedding the entire phishing message in the application name and preparing a fake login site, the attackers created a convincing facade. Once the initial setup was complete, replicating the procedure became straightforward, even if a page was reported and taken down. Notably, reporting abuse on is not a simple process, further aiding the attackers. The phishing email's authenticity was bolstered by the fact that it passed all standard authentication checks, including DKIM, and appeared in the same conversation thread as legitimate security alerts from Google. This level of sophistication makes it challenging for users to discern the fraudulent nature of the email. Google initially responded to Johnson's bug report by stating that the system was 'Working as Intended.' However, after further consideration, Google acknowledged the issue and committed to addressing the OAuth bug. The company has since implemented measures to close this security loophole and recommends that users enable two-factor authentication and passkeys to enhance account security.
The Sun
22-04-2025
- Business
- The Sun
Shock Gmail and PayPal alert lets crooks empty your bank as one savvy target cheers ‘thank god I was paying attention'
GOOGLE and PayPal users have been warned of a convincing new scam that allows hackers to raid their accounts. Cyber crooks have found a way to send out alarming emails that look like they're from the two companies. One of the key checks people often look out for to tell if an email is a con trick is the email address of the sender. Users have come forward sharing screenshots of emails from "no-reply@ that appear to be genuine. But it turns out that online criminals have found a way to mimic Google 's email addresses. Those behind it pulled the vicious ruse off using Google's free Sites web-building app to create fake pages that look convincing. The communications are presented as important subpoenas issued to Google by law enforcement demanding "information contained in your Google Account". Andrew Chen, who received one of the emails, wrote on X: "just got this phishing attempt. "Thank god I was paying attention." Last month, a similar technique was used to try and fool PayPal users, reports Bleeping Computer. In a statement to The Verge, Google said it had now "shut down" the loophole. "We're aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse," the firm said. Protect your bank accounts: Enable Google's identity check today "In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns." Two-factor authentication is becoming increasingly popular and can involve you needing a password and a passcode that's texted to you. Microsoft co-founder Bill Gates has previously predicted that passwords will be obsolete one day and stronger security will be needed. You still technically need a password to use multi-step authentication on Google but that's only step number one. Once you've entered a password, you'll then be sent a one time code to your smartphone. You'll then have to enter to gain access to a Google Account. This make things more difficult for hackers because they not only need your password but they would somehow need access to your phone too. TOP 20 MOST COMMON PASSWORDS IN BRITAIN Here's NordVPN's official danger list... password qwerty123 qwerty1 123456 liverpool 123456789 password1 qwerty liverpool1 arsenal 12345678 chelsea Password charlie football abc123 arsenal1 rangers Password1 charlie1
