Security News

The extension lets analysts process threat data directly from their web browser. Through a combination of automation and workflow tooling the browser extension reduces the time and effort for CTI analysts to process threat data found either on external websites or on the web-based front-ends of their internal security controls.

On Thursday, Google released security patches to stomp out high-severity vulnerabilities in its Chrome browser. Overall, eight security bugs were addressed in Chrome browser version 80.0.3987.162 for Windows, Mac, and Linux.

TLS 1.0 is over two decades old, and TLS 1.1 was only meant to address some limitations in the former and prevent specific attacks. In October 2018, major browser makers announced that support for the old and insecure TLS 1.0 and 1.1 protocol versions would be removed in March 2020, but such plans have been postponed due to the current COVID-19 pandemic.

In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the ageing and insecure Transport Layer Security 1.0 and 1.1 protocols. While a temporary delay, it's still an unexpected retreat for an industry which had showed unity in collectively deciding to banish TLS 1.0 and the lesser used TLS 1.1 by early 2020.

After re-Chroming its Edge browser last summer, Microsoft this week announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals. The third is called Password Monitor, a feature that will tell Edge users when usernames and passwords they've entered on a website have been found on the dark web.

Firefox has decided it's time to burn the browser's FTP connections. Platform list, developer Michal Novotny announced "We plan to remove FTP protocol implementation from our code."

The Tor browser has fixed a bug that could have allowed JavaScript to execute on websites even when users think they've disabled it for maximum anonymity. The Tor Project revealed the issue in the release notes for version 9.0.6, initially suggesting users manually disable JavaScript for the time being if the issue bothered them.

It sounds almost impossible to stop, but not according to the makers of the Brave browser, which is using its latest developer build to test a new defence against fingerprinting: confusing fingerprinting collection algorithms by randomising some of the data they collect. Although fingerprinting has a lot of possible APIs and network IDs to utilise, Brave's concept is that it is only necessary to disrupt a few to confuse surveillance.

The incident is a reminder that browser extensions - however useful or fun they may seem when you install them - typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page.

Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week. Douglas Leith, professor of computer systems at Trinity University, examined six browsers for his report - Web Browser Privacy: What Do Browsers Say When They Phone Home? He found that Brave's Chromium-based browser is the least likely to reveal unique identifying information about the computer using it.