Security News

Firefox now bypasses Windows 11's messy default browser settings
2021-09-13 21:00

Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.

Stop using your web browser security wrong
2021-09-09 15:38

Chances are good you're not using your browser with a strong enough eye on security. For the love of privacy and security, stop! You're using the default settings in your web browser, thereby assuming the companies that created the software either know what's best for you or don't have ulterior motives for how they set security options in their products.

NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware
2021-08-18 07:51

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise targeting a South Korean online newspaper. The "Clever disguise of exploit code amongst legitimate code" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.

Malware campaign uses clever 'captcha' to bypass browser warning
2021-08-17 15:00

A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.

The most secure browser for transmitting sensitive data is definitely not Chrome
2021-08-06 13:27

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.

Microsoft wonders if disabling just-in-time compilation of JavaScript improves browser security
2021-08-06 05:30

Microsoft is conducting an experiment it hopes will improve browser security - by making its Edge offering worse at running JavaScript. As explained in a post by Johnathan Norman, the vulnerability research lead for Microsoft Edge, JavaScript is the juiciest target when trying to crack a browser - because engines like Google's V8 and the just-in-time compilation techniques they employ use "a remarkably complex process that very few people understand" and have "a small margin for error" in the way they handles code.

Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment
2021-08-05 16:39

Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance. The plan is to create a provocatively named "Super Duper Secret Mode" in Edge that deliberately disables support for the browser's JavaScript JIT compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test - available in Edge preview builds select users - essentially rips out JIT, a feature that makes browsers run faster but data shows that these components introduce attack surfaces that have already been exploited in malware campaigns.

We can't believe people use browsers to manage their passwords, says maker of password management tools
2021-07-30 06:27

ThycoticCentrify, formed from a merger between two computer access management firms, said it surveyed about 8,000 people, and reports just under a quarter admitted they reuse passwords across multiple websites - a cybersecurity no-no because it opens you up to credential stuffing. The use of browser-stored passwords was also called out as a potential security risk by ThycoticCentrify, with a third of respondents apparently saying they rely on their web browser to manage their passphrases.

Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
2021-07-29 08:18

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "Unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021.

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
2021-07-22 21:29

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line."