Tag Archive for: browser

Password-cracking botnet has taken over WordPress sites to attack using the visitor’s browser


As reported by Ars Technica, cybersecurity researcher Denis Sinegubko has been monitoring ongoing website hacking activities for a long time. Now, he has identified a major pivot from crypto wallet drainers to brute-force password-cracking attacks on WordPress sites. Why is this happening, what does it mean, and what can you, as an end user, do? We’ll dive into all of the need-to-know information right away below.

First, let’s talk “Why.” Earlier in February, Sinegubko, writing for Sucuri’s blog, discussed an increase in “web3 crypto malware,” particularly malware used to inject crypto drainers into existing sites or use phishing sites for the same purpose.

Source…

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine


Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari.

The bug, assigned as CVE-2024-23222, stems from a type confusion error, which basically is what happens when an application incorrectly assumes the input it receives is of a certain type without actually validating — or incorrectly validating — that to be the case.

Actively Exploited

Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. “Apple is aware of a report that this issue may have been exploited,” the company’s advisory noted, without offering any further details.

The company has released updated versions of iOS, iPadOS, macOS, iPadOS, and tvOS with additional validation checks to address the vulnerability.

CVE-2024-23222 is the first zero-day vulnerability that Apple has disclosed in WebKit in 2024. Last year, the company disclosed a total of 11 zero-day bugs in the technology — its most ever in a single calendar year. Since 2021, Apple has disclosed a total of 22 WebKit zero-day bugs, highlighting the growing interest in the browser from both researchers and attackers.

In parallel, Apple’s disclosure of the new WebKit zero-day follows on Google’s disclosure last week of a zero-day in Chrome. It marks at least the third time in recent months where both vendors have disclosed zero-days in their respective browsers in close proximity to each other. The trend suggests that researchers and attackers are probing almost equally for flaws in both technologies, likely because Chrome and Safari are also the most widely used browsers.

The Spying Threat

Apple has not disclosed the nature of the exploit activity targeting the newly disclosed zero-day bug. But researchers have reported seeing commercial spyware vendors abusing some of the company’s more recent ones, to drop surveillance software on iPhones of target subjects.

In September 2023, Toronto University’s Citizen Lab warned Apple about two no-click zero-day vulnerabilities in iOS that a vendor of surveillance software had exploited to drop the Predator spyware tool on an iPhone belonging to an employee at a Washington, D.C.-based organization. The same month,…

Source…

Browser Mistakes Tech Experts Say You Should Stop Making To Protect Your Device From Hackers And Viruses


You may spend more time thinking about your apps these days — which apps are more likely to sell your data, which apps are killing your battery power, etc. But your browsers like Safari and Google Chrome may continue to fly under the radar a bit more. If you’re like most of us, you may take advantage of your browsers and assume they’re just there and that they require zero maintenance or thought. But this isn’t the entire truth. 

What you aren’t doing to your browser could be contributing to putting you at greater risk for hackers and viruses. Tech experts say these are the top browser mistakes you should stop making. 

Not Updating Your Browser

Browsers are similar to apps in that both need to be updated whenever updates become available. Your browser may show signs of little issues, like bugs, that can make it more vulnerable to hackers and viruses. App developers will release updates when they discovered problems with the apps, and downloading these updates can ensure your app is safer and more secure. If a browser update becomes available, make sure you download it ASAP.

Saving Passwords In Your Browser

 

At first, it seems like an extreme convenience. Your browser offers to save your passwords, and what could go wrong? At worst, this will allow you to not have to keep track of yet another complex password. But think of this from the perspective of a hacker who gains entry into your phone or computer — you’ve handed them your most important passwords on a silver platter when you save them in your browser. Even if a website asks to save your password in your browser, don’t give into the temptation.

Never Clearing Your Cookies and Cache

 

Your browser can get loaded down fast with information from websites that it stores in its cookies and cache. Although this isn’t an immediate security problem or one that leaves you more vulnerable to hackers, not clearing your cache can result in glitches when you visit certain sites and it can slow your device down. Resolve this by clearing your cache in Safari by going to Safari > Preferences > Advanced tab > Preferences > Empty Cache. On Chrome, go to More > Clear Browsing Data.

 

Keep these three browser mistakes in mind when…

Source…

Palo Alto Networks® Closes Talon Cyber Security Acquisition and Will Offer Complimentary Enterprise Browser to Qualified SASE AI Customers


The Talon acquisition extends Palo Alto Networks’ best-in-class SASE solution to help protect all managed and unmanaged devices

SANTA CLARA, Calif., Dec. 28, 2023 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today announced that it has completed the acquisition of Talon Cyber Security, a pioneer of enterprise browser technology.

“We are thrilled to welcome Talon to Palo Alto Networks,” said Nikesh Arora, chairman and CEO of Palo Alto Networks. “Most work today occurs via web browsers, often on unmanaged devices, which poses enormous security risks. Through the seamless integration of Talon’s Enterprise Browser with Prisma® SASE, we will be elevating our best-in-class solution that helps provide ironclad security and data protection for all users across all applications and from any device or location. Additionally, we plan to extend Talon’s cutting-edge Enterprise Browser technology to our qualified SASE AI customers at no additional cost.” 

In today’s evolving threat landscape, employees frequently use personal and unmanaged devices to access critical business applications, including using mobile devices alongside corporate laptops. While this approach increases productivity, the lack of consistent security, control and visibility across devices increases security risk. To tackle these challenges, organizations need a holistic SASE solution that securely enables users to access vital business applications regardless of their chosen device. As part of that SASE solution, Talon’s Enterprise Browser will provide additional layers of protection against phishing attacks, web-based attacks and malicious browser extensions. Talon also offers extensive controls to help ensure that sensitive data does not escape the confines of the browser, regardless of whether the enterprise manages the device.

Palo Alto Networks Prisma SASE is the secure foundation for agile, cloud-enabled organizations. Integrating Talon with Prisma Access can provide customers with substantial productivity benefits by enabling unmanaged devices, but also ensures consistent security and deeper visibility into device usage, all while preserving user privacy. This acquisition…

Source…