with a fix for the phishing scam that affected users. A Chrome browser update, which has been rolling out since February, now issues a warning when you've landed on a page with the scam. In your browser address bar, look out for "not secure" to the left of the address. Fortune reports that in the future, Google will present this warning and indicate unprotected sites more aggressively with a red triangle.

According to Satnam Narang, Senior Security Response Manager at Norton by Symantec, here's how the Gmail phishing scam works: You'll see an email in your inbox from one of your contacts who has already been hacked. The email looks like it contains an attachment. But if you look closely, as this Twitter user did, you'll notice that the image preview for the attachment looks slightly fuzzy. This is because there isn't actually an attachment, just an image designed to look like one. If you click on the image you'll be directed to a page that looks like the standard Google sign-in page. If you log in there, the damage is done: the hacker can read and download all of your emails and could also access accounts elsewhere.

In the past, you might have recognized a scam by the language in the email. But Narang says that there are reports that these hackers are sending emails that look realistic. In one school district, for example, team members received what looked like a copy of a practice schedule. Still, there are things you can look out for to spot a fake. "The best way to identify this attack is to look at the address bar. In this case, look for the words 'data:/text/html' at the beginning of the URL," Narang says. "If you see this, close the browser tab and alert your friend that their account has been compromised."

Narang also recommends setting up two-step verification for your Gmail account (find out how to do so here). And follow these rules for boosting your password strength. In a statement about the attack, a Google spokesperson said, "We're aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection." Above all, think twice before clicking on something. We're starting to see more sophisticated scams, so being vigilant will only help you in the long run.
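The address-bar check Narang describes can be automated. The following is an added example, not code from the article or from Norton; it assumes that a real Google sign-in page is only ever served over https from accounts.google.com, and it treats any data: URI that renders HTML and names that host in its payload as the lookalike pattern described above.

```python
import re
from urllib.parse import urlparse

# Hosts on which a real Google sign-in page is served (an assumption for this example).
GOOGLE_SIGNIN_HOSTS = {"accounts.google.com"}
_SCHEME_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def classify_address_bar(text: str) -> str:
    """Classify what the address bar shows on a page asking for Google credentials.

    "genuine-signin"  https:// URL whose host is a real Google sign-in host
    "data-uri-phish"  a data: URI rendering HTML whose payload names a Google
                      sign-in host (the lookalike pattern the article describes)
    "data-uri"        any other data: URI, which is never a real sign-in page
    "other"           anything else (plain http://, lookalike domains, non-URLs)
    """
    m = _SCHEME_RE.match(text)
    if not m:
        return "other"
    if m.group(1).lower() == "data":
        # data:[<mediatype>][;base64],<payload>; the quoted advice writes the
        # mediatype as "/text/html", so a leading slash is tolerated.
        header, _, payload = text[m.end():].partition(",")
        mediatype = header.split(";")[0].strip().lstrip("/").lower()
        # The spoof pads the visible part with whitespace so the real payload
        # scrolls out of view; collapse it before inspecting.
        visible = re.sub(r"\s+", " ", payload).lower()
        if mediatype == "text/html" and any(h in visible for h in GOOGLE_SIGNIN_HOSTS):
            return "data-uri-phish"
        return "data-uri"
    parsed = urlparse(text.strip())
    host = (parsed.hostname or "").lower()
    if parsed.scheme.lower() == "https" and host in GOOGLE_SIGNIN_HOSTS:
        return "genuine-signin"
    return "other"


# Constructed samples, not URLs captured from the incident.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin?service=mail",
    "data:text/html,https://accounts.google.com/ServiceLogin          <html>fake</html>",
    "data:text/plain,hello",
    "https://accounts.google.com.evil.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_address_bar(url):15} {url[:60]}")
```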
In a disclosure on March 27 that included their own simple Python proof-of-concept, the researchers outlined the "buffer overflow in the ScStoragePathFromUrl function in the WebDAV service" when an attacker sends an overlong IF header request as part of a PROPFIND request (if that sounds obscure you can read about WebDAV here). Designated CVE-2017-7269, that's bad news, but the fact that it has been known about for months, with new exploits now likely, is the main takeaway.

Given that IIS 6.0 shipped with Windows Server 2003 R2 in 2005 and Microsoft stopped supporting it after the end-of-life deadline passed in July 2015 (i.e. no more patches), one might assume that the install base is small. More likely, this is another version of the Windows XP situation where organisations find it hard to wean themselves off core software and end up putting themselves at risk. In 2015, research from analysts RiskIQ found 2,675 installs of IIS 6.0 inside 24 of the top FTSE-100 UK companies alone. Incredibly, the same analysis found 417 installs of IIS 5.0 in the same companies, which at that time was a year beyond extended support death. Shodan estimates 600,000 machines still visibly running this software globally, perhaps 10% of which have the PROPFIND extension running according to an analysis by one enterprising researcher. Nobody knows, but with Microsoft unlikely to step in with a fix, it could be more than enough to cause problems. The premium fix is to stop using IIS 6.0 immediately but for anyone who finds that difficult there is one hope: guerrilla patching.

We discussed this phenomenon in our recent coverage of Google's "Operation Rosehub", but it can be summed up by the simple idea that if the vendor in whose software a vulnerability has arisen can't or won't fix the issue then someone else does it for them. A company called Acros Security dubbed this the "0patch" and, lo and behold, has come up with a "micro-patch" for CVE-2017-7269. We can't vouch for this but Acros explains how it developed this in some detail for anyone staring down the barrel of limited options. What the latest episode challenges is the fixed idea of software lifecycles according to big software vendors, which runs something like "we've told them in advance that support will be removed by a given date so if they don't follow our advice and upgrade then that's their lookout". The near debacle of XP's zombie afterlife was an example of this MO running aground on the rocks of business reality, beside which the latest IIS 6.0 event might look modest. But an unpatchable zero-day affecting hundreds of thousands of compromised web servers won't be fun for anyone, Microsoft included.
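For anyone who cannot retire IIS 6.0 yet, the request shape the disclosure describes (a PROPFIND carrying an overlong If header) is easy to spot in front of the server. The following is an added example, not code from the researchers, Acros or Microsoft; the 1024-byte threshold is an assumption for illustration, and the sample requests are constructed, with plain filler in place of any real payload.

```python
# Threshold is an assumption for this example: legitimate WebDAV If headers carry a
# few lock tokens and are far shorter than the overlong values the advisory describes.
MAX_IF_HEADER_LEN = 1024


def parse_request_head(raw: bytes):
    """Split a raw HTTP request head into (method, target, headers).

    Header names are lower-cased. Obsolete line folding (continuation lines that
    start with SP/HTAB) is joined back so the true header length is measured.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ""
    headers = {}
    last = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last is not None:
            headers[last] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        headers[last] = value.strip()
    return method, target, headers


def inspect_webdav_request(raw: bytes) -> list:
    """Return findings (strings) for one request; an empty list means nothing odd."""
    method, target, headers = parse_request_head(raw)
    findings = []
    if_value = headers.get("if")
    if method.upper() == "PROPFIND" and if_value is not None \
            and len(if_value) > MAX_IF_HEADER_LEN:
        findings.append(
            f"PROPFIND {target}: If header is {len(if_value)} bytes "
            f"(limit {MAX_IF_HEADER_LEN}), the CVE-2017-7269 trigger shape"
        )
    return findings


# Constructed sample requests; the long value is plain filler, not exploit content.
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: dav.example\r\n"
          b"If: <http://dav.example/docs/> (<opaquelocktoken:abc-123>)\r\n\r\n")
SUSPECT = (b"PROPFIND / HTTP/1.1\r\nHost: dav.example\r\n"
           b"If: <http://dav.example/" + b"A" * 2000 + b">\r\n\r\n")

if __name__ == "__main__":
    for req in (BENIGN, SUSPECT):
        print(inspect_webdav_request(req))
```

The same check can be dropped into a reverse proxy or IDS rule in front of the server; a real deployment would log the finding rather than print it.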