Security News
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said.
From your accounting software to your team chat, running a business today involves connecting to a variety of online apps. This leaves you vulnerable to attacks - unless you're using something like the KeepSolid Private Browser.
The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version. Tor browser version 12.0 is based on Firefox 102, an upgrade from Firefox version 91, which was used as the base for the previous Tor release, v11.5.
Vivaldi 5.6 was released today with a Mastodon client integrated directly into the browser's sidebar, seamlessly incorporating the rising social media platform in the browser's interface. [...]
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on November 22, 2022.
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an adversary-in-the-middle attack. The malware's use of a browser extension to advance its information-gathering goals was documented by Sophos threat analyst Colin Cowie earlier this year.
Most western nations like America, Australia etc have legislation "To compell" in one way or abother. Others have placed staff in CA's or by financial manipulation have gained sympathetic help.
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject arbitrary JavaScript code, mine crypto, and even enlist the host to carry out DDoS attacks.
Researchers at Guardio Labs have discovered a new malvertizing campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into webpages. Because all these extensions offer color customization options and arrive on the victim's machine with no malicious code to evade detection, the analysts named the campaign "Dormant Colors."