Security News
Human hacking - phishing attacks across all digital channels - has dramatically increased in 2021. "The cybersecurity industry has done a good job of protecting machines, but those efforts leave the most porous and vulnerable parts of any network - the humans using it - unprotected," said Patrick Harr, SlashNext CEO. "Today's hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious."
Oi, Google: how did this get past your review process? And Imperva: why does your web page offer to install software? Security vendor Imperva’s research labs have found a browser extension that...
These two sites tell you what sorts of information you’re leaking from your browser.
Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.
Chances are good you're not using your browser with a strong enough eye on security. For the love of privacy and security, stop! You're using the default settings in your web browser, thereby assuming the companies that created the software either know what's best for you or don't have ulterior motives for how they set security options in their products.
A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise targeting a South Korean online newspaper. The "Clever disguise of exploit code amongst legitimate code" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said.
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.
Microsoft is conducting an experiment it hopes will improve browser security - by making its Edge offering worse at running JavaScript. As explained in a post by Johnathan Norman, the vulnerability research lead for Microsoft Edge, JavaScript is the juiciest target when trying to crack a browser - because engines like Google's V8 and the just-in-time compilation techniques they employ use "a remarkably complex process that very few people understand" and have "a small margin for error" in the way they handles code.
Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance. The plan is to create a provocatively named "Super Duper Secret Mode" in Edge that deliberately disables support for the browser's JavaScript JIT compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test - available in Edge preview builds select users - essentially rips out JIT, a feature that makes browsers run faster but data shows that these components introduce attack surfaces that have already been exploited in malware campaigns.