Tag Archive for: browser

Chrome Browser Alert! This Cookie Malware Can Access Your Google Accounts Even If You Reset Password, Log Out; Details


Online threats and malware can be tough to track in the rapidly evolving digital world. As these dangers replicate in the internet landscape, a new data-stealing malware, which abuses Google’s OAuth endpoint called ‘MultiLogin’ to revive expired cookies and sign in to user accounts, is among the new concerns, according to a report from BleepingComputer. This works even after you reset an account’s password or log out from the internet browser.

For the unaware, session cookies store the authentication details of an account, letting users log in to websites automatically the next time without entering their sign-in credentials. They have an expiration period to limit their misuse by bad actors, such as stealing access to user accounts. Last month, the news outlet reported on information-stealers that could restore access to expired authentication cookies.


Such malware allows a cybercriminal to access Google accounts even if the victim has logged out, changed their password or reached session expiry. According to a new report from CloudSEK, the exploit was first revealed in October by threat actor PRISMA, who posted about it on the messaging platform Telegram. As per the researchers, the exploit uses the Google OAuth endpoint that synchronises accounts across Google services.


The malware abuses the endpoint to extract tokens and accounts of Chrome profiles logged into a Google account. Later, this data (including saved passwords) is decrypted to extract information. With the stolen token, the cybercriminals regenerate the cookie and can ensure continuous access to these accounts.


CloudSEK researcher Pavan Karthick told BleepingComputer that the cookie can be regenerated only once if a user changes their password. In other cases, it can be refreshed multiple times. According to the report, a minimum of…


Google 0-day browser bug under attack, patch available


Google patched a zero-day bug being exploited in the wild that is tied to its Chrome browser and ChromeOS software. The flaw allows an attacker who is able to compromise the browser’s renderer process to bypass sandbox security measures and execute remote code or access sensitive data.

Tracked as CVE-2023-6345 and rated by Google as a high-priority fix, the vulnerability is an integer overflow bug in Skia, Chrome’s open source 2D graphics library. Google is withholding technical details of the vulnerability until fixes have been rolled out to a majority of users and to vendors who use the Chromium browser engine in their products.

The patch, which impacts versions of Chrome prior to 119.0.6045.199, is one of seven security updates the company released on Tuesday.

“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the Google security bulletin stated.

The Skia flaw is an integer overflow that opens unpatched software to a “remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.”

An attack that involves exploiting a sandbox escape allows an adversary to “break out of a secure or quarantined environment (sandbox)… An attacker could use a sandbox escape to execute malicious code on the host system, access sensitive data, or cause other types of harm,” according to a NordVPN description.

Google’s security bulletin also included patches for high-severity bugs including:

The bug is the latest zero-day to affect Google’s popular web browser this year.

In September, the company patched another zero-day, CVE-2023-5217, which was described as a heap buffer overflow in VP8 encoding in the libvpx free codec library that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.


Microsoft Defender Flags Tor Browser as Win32/Malgent!MTB Malware


The detection of Tor browser’s latest version as Win32/Malgent!MTB malware is likely a false positive.

Microsoft Defender, a popular antivirus program, is apparently falsely flagging Tor Browser as Win32/Malgent!MTB malware. This is causing concern for users who rely on the Tor Browser to protect their privacy and security.

Tor Browser is a free and open-source web browser that uses the Tor network to anonymize browsing traffic. This makes it a popular choice for users who want to protect their privacy online.

Microsoft Defender is detecting the latest version of Tor Browser as malware because it is using a new heuristic detection method that is designed to identify Trojans that use Tor to hide their activity. However, the heuristic method is too broad and also flags the Tor Browser itself as malware.

Users have been reporting the issue. The first screenshot is from a well-known Russian cybercrime and hacker forum, while the rest of the screenshots were sourced from Reddit (Credit: Hackread.com)

What is the heuristic detection method?

Heuristic detection is a method of detecting malware that uses rules and algorithms to identify suspicious behaviour. It is different from signature-based detection, which relies on a database of known malware signatures.

Heuristic detection methods can be very effective at detecting new and emerging malware threats, but they can also generate false positives. This is because heuristic detection methods can sometimes flag benign software as malware.

According to Microsoft, its Defender security solution uses a combination of signature-based and heuristic detection methods to protect users from malware. However, the recent false positive detections of Tor Browser suggest that the heuristic detection method in Microsoft Defender may be too broad.

Win32/Malgent!MTB malware?

Win32/Malgent!MTB is a generic detection that Microsoft Defender uses to identify Trojans that are designed to perform a variety of malicious actions on a computer.

These actions can include downloading and installing other malware, using the computer for click fraud, recording keystrokes and the websites visited, sending information about…


The Impact of Browser Isolation Software on Internet Security in Africa


Exploring the Impact of Browser Isolation Software on Internet Security in Africa

The advent of the digital age has brought about a significant transformation in the way we conduct our daily activities, especially in the realm of internet usage. However, this digital revolution has also ushered in a new era of cyber threats, making internet security a paramount concern. In Africa, where internet usage is rapidly growing, the need for robust internet security measures is more pressing than ever. One such measure that is gaining traction is the use of browser isolation software.

Browser isolation software is a cybersecurity technology that separates a user’s browsing activity from their network and endpoints, thereby preventing any potential cyber threats from reaching the user’s device. This technology has been instrumental in enhancing internet security, particularly in Africa, where cyber threats have been on the rise.

The impact of browser isolation software on internet security in Africa is profound. Firstly, it has significantly reduced the risk of malware attacks. In Africa, where many users lack the technical know-how to protect themselves from such threats, browser isolation software has proven to be a game-changer. By isolating browsing activities from the network, it prevents malware from infiltrating the user’s device, thereby safeguarding their data.

Secondly, browser isolation software has helped curb the menace of phishing attacks. Phishing is a cybercrime where a user is tricked into revealing sensitive information, such as passwords and credit card numbers, under the guise of a legitimate request. With browser isolation software, even if a user falls for a phishing scam, the attacker cannot gain access to the user’s device or network, thus mitigating the potential damage.

Moreover, browser isolation software has also enhanced the privacy of internet users in Africa. In an era where data privacy is a major concern, this software ensures that users’ browsing activities are not tracked or monitored, thereby protecting their privacy. This is particularly important in Africa, where data privacy laws are still in their nascent stages.

However, the adoption of…
