Security News
A "Potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system "Gummy Browsers," likening it to a nearly 20-year-old "Gummy Fingers" technique that can impersonate a user's fingerprint biometrics.
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. "Cookie Theft, also known as 'pass-the-cookie attack,' is a session hijacking technique that enables access to user accounts with session cookies stored in the browser," TAG's Ashley Shen said.
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
The Chromium team has finally done it - File Transfer Protocol support is not just deprecated, but stripped from the codebase in the latest stable build of the Chrome browser, version 95. A lack of support for encrypted connections in Chrome's FTP implementation, coupled with a general disinterest from the majority of the browser's users, and more capable third-party alternatives being available has meant that the code has moved from deprecated to gone entirely.
Brave, the privacy-conscious web browser, has announced plans to introduce additional privacy protections against 'bounce tracking,' a newer form of tracking that is not currently blocked by the browser. The new system, which Brave's team calls "Debouncing", addresses the bounce tracking method, which disregards users' privacy preferences such as the 'Do Not Track' setting and the blocking of third-party cookies.
Human hacking - phishing attacks across all digital channels - has dramatically increased in 2021. "The cybersecurity industry has done a good job of protecting machines, but those efforts leave the most porous and vulnerable parts of any network - the humans using it - unprotected," said Patrick Harr, SlashNext CEO. "Today's hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious."
Oi, Google: how did this get past your review process? And Imperva: why does your web page offer to install software? Security vendor Imperva’s research labs have found a browser extension that...
These two sites tell you what sorts of information you’re leaking from your browser.
Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.