Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.
Chances are good you're not using your browser with a strong enough eye on security. For the love of privacy and security, stop! You're using the default settings in your web browser, thereby assuming the companies that created the software either know what's best for you or don't have ulterior motives for how they set security options in their products.
A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise targeting a South Korean online newspaper. The "Clever disguise of exploit code amongst legitimate code" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.
ThycoticCentrify, formed from a merger between two computer access management firms, said it surveyed about 8,000 people, and reports just under a quarter admitted they reuse passwords across multiple websites - a cybersecurity no-no because it opens you up to credential stuffing. The use of browser-stored passwords was also called out as a potential security risk by ThycoticCentrify, with a third of respondents apparently saying they rely on their web browser to manage their passphrases.
An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "Unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021.
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line."