Chrome 76 blocks websites from detecting incognito mode

Credit to Author: John E Dunn| Date: Mon, 22 Jul 2019 13:24:56 +0000

Ever bypassed a website paywall using a browser’s privacy mode? It was once a simple hack, however, it no longer works for most websites.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/7mBVTCcCHZk” height=”1″ width=”1″ alt=””/>

Read more

A week in security (June 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

Categories:

Tags:

(Read more…)

The post A week in security (June 3 – 9) appeared first on Malwarebytes Labs.

Read more

How to browse the Internet safely at work

Credit to Author: Jovi Umawing| Date: Tue, 05 Feb 2019 16:00:44 +0000

This Safer Internet Day, we’re presenting a guideline to employees on how to navigate the online trenches safely, whether they’re on their desktop computers, company-owned laptops, or mobile devices. Who wants to be the one responsible for a breach? No one.

Categories:

Tags:

(Read more…)

The post How to browse the Internet safely at work appeared first on Malwarebytes Labs.

Read more

Chrome bug that lets sites secretly record audio and video is not a flaw Google says

Credit to Author: Darlene Storm| Date: Wed, 31 May 2017 06:31:00 -0700

If your web browser was recording audio and video of you without any indication it was doing so, would you consider that invasion of privacy a security issue? Chrome doesn’t.

After AOL web developer Ran Bar-Zik discovered that a website can record audio and video without the red recording light appearing on the Chrome tab, he reported the bug

But since users are the crux of problem, Google doesn’t classify it as a security flaw. That’s because before any audio or video recordings, a user has to give a site permission before it can access a user’s webcam or microphone.  

To read this article in full or to leave a comment, please click here

Read more

Google patches Chrome bug from fizzled Pwn2Own hack

Credit to Author: Gregg Keizer| Date: Thu, 30 Mar 2017 12:03:00 -0700

Google yesterday updated Chrome to patch several vulnerabilities, including a bug in the browser’s JavaScript engine that a Chinese team tried to exploit at a recent hacking contest.

The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked “Critical” — the most serious rating in Google’s system — and the others tagged “High.”

Of the four vulnerabilities ranked High, one was attributed to “Team Sniper,” one of five groups from Chinese company Tencent Security that participated in this year’s edition of Pwn2Own, one of the world’s best-known hacking contests. Pwn2Own ran March 15-17 alongside the CanSecWest conference in Vancouver, British Columbia.

To read this article in full or to leave a comment, please click here

Read more

LastPass fixes serious password leak flaws

Credit to Author: Lucian Constantin| Date: Wed, 22 Mar 2017 14:21:00 -0700

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users’ passwords or execute malicious code on their computers.

The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service’s users for Google Chrome, Mozilla Firefox and Microsoft Edge.

According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user’s secure vault.

To read this article in full or to leave a comment, please click here

Read more

Mozilla beats rivals, patches Firefox's Pwn2Own bug

Credit to Author: Gregg Keizer| Date: Mon, 20 Mar 2017 17:26:00 -0700

Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.

“Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.

Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.

To read this article in full or to leave a comment, please click here

Read more

Google discloses unpatched IE flaw after Patch Tuesday delay

Credit to Author: Lucian Constantin| Date: Fri, 24 Feb 2017 10:44:00 -0800

Google’s Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google’s 90-day disclosure deadline.

This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month’s Patch Tuesday and postpone its previously planned security fixes until March.

Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a “last minute issue” that could have had an impact on customers, but the company hasn’t clarified the nature of the problem.

To read this article in full or to leave a comment, please click here

Read more

True privacy online is not viable

Credit to Author: Evan Schuman| Date: Tue, 21 Feb 2017 03:00:00 -0800

Privacy-concerned consumers desperately want a magic bullet, some simple thing they can use that will protect their identities and their web activity. And although there are a plethora of offerings today that make such a claim — VPNs, privacy-focused browsers such as Tor, privacy search engines such as DuckDuckGo, quite a few services that claim to anonymize anyone’s activity — the practical realities of human behavior make such privacy claims bogus.

Let me stress that almost all of these services do indeed help a person remain anonymous from the casual, untrained observer (the typical roommate, spouse, co-worker, boss, etc.). But any consumer who thinks that these tools will thwart a law enforcement agent, motivated cyberthief or identity thief, or anyone who is willing to spend the time to track you down is in for unhappiness.

To read this article in full or to leave a comment, please click here

Read more