Security News

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
2023-11-20 10:49

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate...

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies
2023-09-11 11:00

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.

Google rolls out Privacy Sandbox to use Chrome browsing history for ads
2023-09-09 18:59

Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user's interests from third-party cookies to the Chrome browser. While Google states that the Privacy Sandbox is designed to increase privacy by letting your web browser compute your interests locally rather than through cookies, Apple, Mozilla, and the WC3 TAG have cited numerous issues with the proposal.

Google triples rewards for Chrome sandbox escape chain exploits
2023-06-01 16:00

Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. "The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox. The exploit scenario must be fully remote and the exploit able to be used by a remote attacker," Google explains.

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024
2023-05-19 12:28

Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024.

New sandbox escape PoC exploit available for VM2 library, patch now
2023-04-18 14:39

A security researcher has released, yet another sandbox escape proof of concept exploit that makes it possible to execute unsafe code on a host running the VM2 sandbox. VM2 is a specialized JavaScript sandbox used by a broad range of software tools for running and testing untrusted code in an isolated environment, preventing the code from accessing the host's system resources or external data.

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
2023-04-09 00:28

Back in 2022, about a code execution hole in the widely-used JavaScript sandbox system vm2. Your web browser is a good example of a sandbox, which is how it keeps control over JavaScript programs that it downloads and runs from remote websites.

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library
2023-04-08 05:04

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on Friday.

Exploit available for critical bug in VM2 JavaScript sandbox library
2023-04-07 17:41

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment. The researchers who found that the VM2 library handled improperly the host objects passed to the 'Error.

Sandbox blockchain game breached to send emails linking to malware
2023-03-06 18:18

The Sandbox blockchain game is warnings its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware. The Sandbox is a blockchain-based open-world multiplayer game with over 350,000 active monthly users, offering them ways to build, own, and monetize interactive content like virtual worlds, items, and experiences.