Security News
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit. The revelations shook the communities of popular apps that feature embedded browsers, so to help users determine the behavior of their app's activity, Krause released the 'InAppBrowser' online tool and open-sourced its source code.
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit. The revelations shook the communities of popular apps that feature embedded browsers, so to help users determine the behavior of their app's activity, Krause released the 'InAppBrowser' online tool and open-sourced its source code.
Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There's a remote code execution hole dubbed CVE-20220-32893 in Apple's browser and HTML rendering software, by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code.
Browser extensions, also called add-ons, are mostly downloaded from official marketplaces or browser providers repositories, such as the Chrome Web Store or the Firefox Add-ons website. In 2020, 106 browser extensions were removed from the Chrome Web Store, being used to steal user data, take screen captures or even steal credit card information from web forms.
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said.
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. This is the fifth Chrome bug Google has fixed this year that has either been exploited or had exploit code in the wild.
The latest update to Google's Chrome browser is out, bumping the four-part version number to 104.0.5112.101, or to 104.0.5112.102. Chrome will probably update itself, but we always recommend checking anyway.
Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links.
Users of Apple's Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track 'every single tap' users make with external websites accessed via the software. iOS users' concerns over tracking were addressed by Apple's 2021 release of iOS 14.5 and a feature called App Tracking Transparency.