Security News

Safari refinements justify setting the browser as default in macOS Big Sur
2020-06-26 20:25

If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. With macOS Big Sur improvements on the way, there's no doubt that Safari can handle responsibility.

Three words you do not want to hear regarding a 'secure browser' called SafePay... Remote. Code. Execution
2020-06-24 07:51

Folks running Bitdefender's Total Security 2020 package should check they have the latest version installed following the disclosure of a remote code execution bug. Palant said the vulnerability was within a component called Online Protection within that suite, meaning it could be exploited by any website opened in any browser on any computer running Bitdefender's vulnerable antivirus package.

Over 100 New Chrome Browser Extensions Caught Spying On Users
2020-06-22 03:10

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "Massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors. The extensions in question posed as utilities offering capabilities to convert files from one format to the other, among other tools for secure browsing, while relying on thousands of fake reviews to trick unsuspecting users into installing them.

Vulnerable platform used in power plants enables attackers to run malicious code on user browsers
2020-06-18 11:58

Otorio's incident response team identified a high-score vulnerability in OSIsoft's PI System. Installed in some of the world's largest critical infrastructure facilities, OSIsoft Software's PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.

Trend Micro pulls another app over security fears: This time, the Privacy Browser in the Dr Safety Android suite
2020-06-12 06:03

Trend Micro has pulled the Privacy Browser from its Dr Safety Android security suite following the discovery of a reoccurring flaw that could be abused to trick people into thinking malicious pages were legit. Trend responded by pulling the app from its Android security suite.

Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers
2020-06-10 03:32

"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all." "This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34."

Firefox 77, Tor Browser 9.5 Released With Patches, Security Improvements
2020-06-03 13:39

Firefox 77 and Tor Browser 9.5 were released this week with patches for a variety of vulnerabilities, including several rated high severity. Mozilla's browser arrived with a total of 8 security fixes, including 5 that address high severity issues.

Tor soups up onion sites with bountiful browser bump: No more tears trying to find the secure sites you want
2020-06-03 06:55

The Tor Project this week rolled out an update to its browser that attempts to make the anonymity-protecting onion routing scheme more approachable. The Tor Project itself emerged from federally funded research led by the US Office of Naval Research and DARPA. Tor is an acronym for the original name of the project, The Onion Router, an encrypted networking protocol designed to support anonymous communication - although paradoxically a popular website for Tor users is Facebook.

Akamai launches a new in-browser threat detection solution that uncovers compromised scripts
2020-05-27 02:30

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.