Security News

Chances are good you're not using your browser with a strong enough eye on security. For the love of privacy and security, stop! You're using the default settings in your web browser, thereby assuming the companies that created the software either know what's best for you or don't have ulterior motives for how they set security options in their products.

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise targeting a South Korean online newspaper. The "Clever disguise of exploit code amongst legitimate code" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.

A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.

Microsoft is conducting an experiment it hopes will improve browser security - by making its Edge offering worse at running JavaScript. As explained in a post by Johnathan Norman, the vulnerability research lead for Microsoft Edge, JavaScript is the juiciest target when trying to crack a browser - because engines like Google's V8 and the just-in-time compilation techniques they employ use "a remarkably complex process that very few people understand" and have "a small margin for error" in the way they handles code.

Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance. The plan is to create a provocatively named "Super Duper Secret Mode" in Edge that deliberately disables support for the browser's JavaScript JIT compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test - available in Edge preview builds select users - essentially rips out JIT, a feature that makes browsers run faster but data shows that these components introduce attack surfaces that have already been exploited in malware campaigns.

ThycoticCentrify, formed from a merger between two computer access management firms, said it surveyed about 8,000 people, and reports just under a quarter admitted they reuse passwords across multiple websites - a cybersecurity no-no because it opens you up to credential stuffing. The use of browser-stored passwords was also called out as a potential security risk by ThycoticCentrify, with a third of respondents apparently saying they rely on their web browser to manage their passphrases.

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "Unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021.

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line."

Image: Josh Calabrese, CNA. Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. The ransomware operator obtained elevated privileges on the system via "Additional malicious activity" and then moved laterally through CNA's network, breaching and establishing persistence on more devices.