Report: The Dark Side of Phishing Protection

By: The Hacker News — May 27^th 2024 at 11:46

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of

The Hacker News

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

By: Newsroom — May 24^th 2024 at 10:10

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of

The Hacker News

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

By: Newsroom — May 14^th 2024 at 13:51

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs could be typically

The Hacker News

The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

By: The Hacker News — May 13^th 2024 at 12:06

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture

The Hacker News

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

By: Newsroom — May 10^th 2024 at 10:23

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program

The Hacker News

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

By: The Hacker News — May 3^rd 2024 at 10:42

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.

The Hacker News

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

By: Newsroom — April 25^th 2024 at 06:37

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the

The Hacker News

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

By: Newsroom — April 21^st 2024 at 08:42

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer,&nbsp

The Hacker News

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

By: Newsroom — April 3^rd 2024 at 13:07

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said. "By binding authentication sessions to the

The Hacker News

Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

By: Newsroom — April 2^nd 2024 at 07:08

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by tracking their internet browsing activity who thought that it remained private when using the "

The Hacker News

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

By: Newsroom — March 27^th 2024 at 12:54

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.  "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge," Guardio

The Hacker News

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

By: Newsroom — March 25^th 2024 at 09:02

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data

The Hacker News

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

By: Newsroom — March 15^th 2024 at 07:50

Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said. “If we

The Hacker News

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?

By: The Hacker News — March 11^th 2024 at 11:33

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web

The Hacker News

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

By: Newsroom — February 23^rd 2024 at 03:30

The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was

The Hacker News

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

By: Newsroom — January 22^nd 2024 at 11:22

Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains

The Hacker News

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

By: Newsroom — January 17^th 2024 at 02:20

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.  "By reading out-of-bounds memory, an attacker might be able to

The Hacker News

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

By: Newsroom — January 15^th 2024 at 13:58

Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that

The Hacker News

The Definitive Enterprise Browser Buyer's Guide

By: The Hacker News — January 2^nd 2024 at 10:01

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,

The Hacker News

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

By: Newsroom — January 2^nd 2024 at 09:50

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had

The Hacker News

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

By: Newsroom — December 21^st 2023 at 03:41

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément

The Hacker News

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

By: Newsroom — December 19^th 2023 at 11:02

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said. The malware family,

The Hacker News

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

By: Newsroom — December 15^th 2023 at 07:23

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

The Hacker News

New Report: Unveiling the Threat of Malicious Browser Extensions

By: The Hacker News — December 6^th 2023 at 11:44

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like

The Hacker News

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

By: Newsroom — November 29^th 2023 at 04:27

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have

The Hacker News

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

By: Newsroom — November 20^th 2023 at 09:16

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine

The Hacker News

Hands on Review: LayerX's Enterprise Browser Security Extension

By: The Hacker News — November 1^st 2023 at 11:53

The browser has become the main work interface in modern enterprises. It’s where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine. Additionally,

The Hacker News

The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

By: The Hacker News — September 28^th 2023 at 11:13

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle

The Hacker News

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

By: THN — September 28^th 2023 at 03:13

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

The Hacker News

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

By: THN — September 27^th 2023 at 05:23

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially

The Hacker News

Live Webinar: Overcoming Generative AI Data Leakage Risks

By: The Hacker News — September 19^th 2023 at 10:29

As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI. A new webinar featuring a multi-time Fortune 100 CISO and the CEO of LayerX, a browser extension solution, delves into this

The Hacker News

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

By: THN — September 11^th 2023 at 11:00

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable

The Hacker News

Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

By: THN — August 18^th 2023 at 06:51

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked

The Hacker News

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

By: The Hacker News — August 16^th 2023 at 11:12

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide

The Hacker News

Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking

By: THN — August 15^th 2023 at 16:44

Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38. "Successful exploitation of these

The Hacker News

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

By: THN — August 11^th 2023 at 12:22

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's

KitPloit - PenTest Tools!

Browser-password-stealer - Get All The Saved Passwords, Credit Cards And Bookmarks From Chromium Based Browsers Supports Chromium 80 And Above!

By: Zion3R — August 7^th 2023 at 12:30

This python program gets all the saved passwords, credit cards and bookmarks from chromium based browsers supports chromium 80 and above!

Modules Required

To install all the required modules use the following code:
pip install -r requirements.txt

Supported browsers

Chromium Based Browsers

✔ Amigo
✔ Torch
✔ Kometa
✔ Orbitum
✔ Cent-browser
✔ 7star
✔ Sputnik
✔ Vivaldi
✔ Google-chrome-sxs
✔ Google-chrome
✔ Epic-privacy-browser
✔ Microsoft-edge
✔ Uran
✔ Yandex
✔ Brave
✔ Iridium

Install Required Python Packages

pip install -r requirements.txt

How to Use

Just run this chromium_based_browsers.py the code will create a folder based on the browser name and stores the saved passwords, credit cards and bookmarks in that folder.

Download Browser-password-stealer

The Hacker News

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

By: THN — August 3^rd 2023 at 14:33

Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension Manifest V3, and additional features such as the ability to exfiltrate stolen data to a Telegram channel

The Hacker News

RFP Template for Browser Security

By: The Hacker News — July 29^th 2023 at 05:34

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP Template." This resource helps streamline the process of evaluating and procuring browser security platforms

The Hacker News

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

By: THN — July 10^th 2023 at 12:57

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns," the company said in its Release Notes for Firefox 115.0 shipped last week. The company

The Hacker News

The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

By: The Hacker News — June 23^rd 2023 at 10:50

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor. With

The Hacker News

New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

By: Ravie Lakshmanan — June 19^th 2023 at 15:21

A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. "The code is heavily obfuscated making use of polymorphic

The Hacker News

New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT

By: The Hacker News — June 15^th 2023 at 11:58

The revolutionary technology of GenAI tools, such as ChatGPT, has brought significant risks to organizations' sensitive data. But what do we really know about this risk? A new research by Browser Security company LayerX sheds light on the scope and nature of these risks. The report titled "Revealing the True GenAI Data Exposure Risk" provides crucial insights for data protection stakeholders and

The Hacker News

Webinar with Guest Forrester: Browser Security New Approaches

By: The Hacker News — May 25^th 2023 at 10:50

In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hosting a webinar featuring guest speaker Paddy Harrington, a senior analyst at Forrester and the lead author of Forrester's browser security report "Securing The

The Hacker News

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

By: Ravie Lakshmanan — May 19^th 2023 at 12:28

Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting

The Hacker News

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

By: The Hacker News — April 26^th 2023 at 11:46

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and

The Hacker News

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them

By: The Hacker News — April 20^th 2023 at 11:18

In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,

The Hacker News

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

By: Ravie Lakshmanan — April 19^th 2023 at 13:47

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "

The Hacker News

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

By: Ravie Lakshmanan — April 15^th 2023 at 03:58

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

The Hacker News

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks

By: Ravie Lakshmanan — April 5^th 2023 at 12:19

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant

The Hacker News

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

By: Ravie Lakshmanan — April 4^th 2023 at 13:07

Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and

The Hacker News

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

By: Ravie Lakshmanan — March 29^th 2023 at 09:17

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of

The Hacker News

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

By: Ravie Lakshmanan — March 23^rd 2023 at 16:29

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally

The Hacker News

A New Security Category Addresses Web-borne Threats

By: The Hacker News — March 17^th 2023 at 10:46

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of

The Hacker News

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

By: Ravie Lakshmanan — March 13^th 2023 at 12:24

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio

Naked Security

Firefox hits 100*, fixes bugs… but no new zero-days this month

By: Paul Ducklin — May 3^rd 2022 at 16:42

Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.

Naked Security

Yet another Chrome zero-day emergency update – patch now!

By: Paul Ducklin — April 16^th 2022 at 00:33

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

By: Paul Ducklin — March 3^rd 2022 at 14:04

Latest episode - listen now (or read it, if that's your preference)...

InfoSec Resources

Browser Forensics: Google Chrome

By: Nitesh Malviya — September 30^th 2020 at 18:06

Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have […]

The post Browser Forensics: Google Chrome appeared first on Infosec Resources.

Browser Forensics: Google Chrome was first posted on September 30, 2020 at 1:06 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

InfoSec Resources

Browser Forensics: Firefox

By: Nitesh Malviya — September 30^th 2020 at 17:54

Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have […]

The post Browser Forensics: Firefox appeared first on Infosec Resources.

Browser Forensics: Firefox was first posted on September 30, 2020 at 12:54 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com