Security News

A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies.

A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity.

Even with a 30% decline, web applications are still at risk and new scan targets have more vulnerabilities than others, according to a new Acunetix report. While applications protected by web vulnerability scanning are becoming more secure, "relatively new targets have more vulnerabilities, according to the 2020 Acunetix Web Vulnerability Report.

Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that "Turn" malicious when victims visit a checkout page. Favicons is a file containing one or more small icons associated with a website and are usually displayed in the browser's address bar, on the tab in which a website has been opened, and in the bookmarks.

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted - and some are still available to download. The dodgy add-ons masquerade as legit crypto-wallet extensions, and invite people to type in their credentials to access their digital money, but are totally unofficial, and designed to siphon off those login details to crooks. Denley provided The Register with a list of extension identifiers, previously reported to Google, and we were able to find some still available in the Chrome Web Store at time of writing.

A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies. A new report from cybersecurity firm BlackCloak details widespread vulnerabilities among the executive suite at some of the largest pharmaceutical companies on planet Earth.

A Forbes report last week outlined how some Xiaomi Android phones track their owners' web browsing and online activities. It was claimed the handsets' bundled Xiaomi browser collects things like browsing history, search queries, and news feed activity, and sends the data off to servers in China, even in private incognito mode.

Developers use a number of ways to breed extensions like a bunch of spam bunnies in Google's Chrome Web Store, which is the biggest extension catalog online. User Ratings, Reviews, and Installs: Developers are forbidden from manipulating their extensions' placement in the Chrome Web Store by doing things like cooking up bogus downloads, reviews or ratings.

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don't spam users with extensions that have similar functionality. The Chrome Web Store has been available since 2011, offering a total of more than 200.000 browser extensions that allow users to easily customize their browsing experience in Chrome.

Although the use of applications has steadily increased, the difference in the ways that web and mobile applications are protected is not widely understood. Many companies that have been using security tools for their web application may feel that moving these security tools to mobile may be difficult, but it isn't.