Security News

Microsoft warns of ad-scamming, credential-stealing malware hitting Edge, Chrome, Firefox, Yandex browsers
2020-12-10 21:06

On Thursday Microsoft warned that there's an ongoing campaign to distribute malware that modifies web browsers to conduct credential theft and ad fraud. Since at least May, 2020, unidentified cybercriminals have been distributing a family of browser modifiers dubbed Adrozek, Microsoft said.

Google Chrome's crackdown on ad blockers and browser extensions, Manifest v3, is now available in beta
2020-12-10 08:27

Google, which makes most of its money from online ads, insists it wants ad blockers to continue working under the latest, more locked-down iteration of its Chrome browser extension platform, known as Manifest v3. As a way to measure the problem, Alexandre Blondin, Chrome product manager, pointed out in a blog post on Wednesday that when Google integrated the Chrome Web Store with its Google Safe Browsing infrastructure, "The number of malicious extensions that Chrome disabled to protect people grew by 81 percent."

High-Severity Chrome Bugs Allow Browser Hacks
2020-12-04 20:40

Google has updated its Chrome web browser, fixing four bugs with a severity rating of "High" and eight overall. An updated 87.0.4280.88 version of Chrome addresses the bugs and will "Roll out over the coming days/weeks," Google wrote.

New Jupyter malware steals browser data, opens backdoor
2020-11-13 07:05

While Jupyter's purpose is to collect data from various software, the malicious code supporting its delivery can also be used to create a backdoor on an infected system. A variant of the malware emerged during an incident response engagement in October at a University in the U.S. But forensic data indicates that earlier versions have been developed since May. Researchers at cybersecurity company Morphisec discovered that the developers of the attack kit were highly active, some components receiving more than nine updates in a single month.

Two New Chrome 0-Days Under Active Attacks – Update Your Browser
2020-11-11 19:36

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by "Anonymous" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team.

Malicious NPM project steals Discord accounts, browser info
2020-11-09 17:37

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. Due to this open system, it is becoming common for malicious actors to upload malicious modules that steal data, download and execute programs, or perform malicious behavior when used in other projects.

New Slipstream NAT bypass attacks to be blocked by browsers
2020-11-09 16:09

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices. To expose hosted services, the attack abuses certain NAT devices scanning port 5060 to create port forwarding rules when detecting maliciously-crafted HTTP requests camouflaged as valid SIP requests.

Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
2020-11-03 17:23

The vulnerability is tied to Google's open source JavaScript and WebAssembly engine called V8. In its disclosure, the flaw is described as an "Inappropriate implementation in V8". Clement Lecigne of Google's Threat Analysis Group and Samuel Gross of Google Project Zero discovered the Chrome desktop bug on Oct. 29, according to a blog post announcing the fixes by Prudhvikumar Bommana of the Google Chrome team. "Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild. CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android," he wrote.

New Chrome Zero-Day Under Active Attacks – Update Your Browser
2020-11-03 03:15

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The zero-day flaw, tracked as CVE-2020-16009, was reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero on October 29.

Privacy-focused Brave browser grew over 130% in the past year
2020-11-02 18:49

Brave Browser, the privacy-focused web browser, announced today that it grew in usage by over 130% in its first year of the release of its 'Stable' version. On November 13th, 2019, Brave Browser released its first Stable version after it had already accumulated 8.7 million monthly active users and 3 million daily active users during its Beta period.