Security News
The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 if you use Tor Browser for sensitive information," the project said in an advisory issued this week.
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, making the browser hijacker a widespread threat. ChromeLoader is a browser hijacker that can modify the victim's web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites.
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to a syndicated search content agreement between the two companies. "Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data," explains the Apple App Store page for the DuckDuckGo Privacy Browser.
The new PyScript project lets you embed Python programs directly in HTML pages and execute them within the browser without any server-based requirements. "PyScript is a framework that allows users to create rich Python applications in the browser using a mix of Python with standard HTML," explains Anaconda in a recent blog post.
Microsoft has released the Windows 11 KB5012592 cumulative update with security updates, quality improvements, and a fix that makes it easier to switch your default browser. KB5012592 is a mandatory cumulative update as it contains the April 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.
Instead, you can turn to a lesser-known but more privacy-minded browser, and one candidate is the Ghostery Dawn browser. Made by the people behind the Ghostery browser privacy extension, Dawn tries to limit the information that is typically monitored and recorded when you use one of the major browsers.
Browser in the browser attacks consist of simulating a browser window within the browser to spoof a legitimate domain. The principle is pretty straightforward: The user connects to a website, which in turn opens a new browser window that asks for Google, Apple, Microsoft or other third parties' credentials, to allow the user to log in.
A Belarusian threat actor known as Ghostwriter has been spotted leveraging the recently disclosed browser-in-the-browser technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.
The novel phishing technique, described last week by a penetration tester and security researcher who goes by the handle mr. The concocted popups simulate a browser window within the browser, spoofing a legitimate domain and making it possible to stage convincing phishing attacks.
A novel phishing technique called the browser-in-the-browser attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable," mrd0x said in a technical write-up published last week.