HackDig : Dig high-quality web security articles for hackers

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploit
Publish At:2020-05-28 06:34 | Read:225 | Comments:0 | Tags:APT reports Google Chrome Malware Technologies Microsoft Win

Critical bug in Google Chrome – get your update now

byPaul DucklinHere’s the short version.Google just issued a Chrome update with a note that says, “This update includes 1 [critical] security fix.”Unfortunately for the curious Chrome user, the long version doesn’t say much more:The stable channel has been updated to 81.0.4044.113 for Windows, Mac, and Linux, which will roll out over t
Publish At:2020-04-17 22:33 | Read:507 | Comments:0 | Tags:Google Chrome browser Chromium use-after-free vulnerability

49 malicious Chrome extensions caught pickpocketing crypto wallets

byLisa VaasGoogle has kicked 49 malicious Chrome browser extensions out of its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The extensions were discovered by researchers from MyCrypto – an open-source interface for the blockchain that helps store, send and receive cryptocurrency – and
Publish At:2020-04-16 07:57 | Read:498 | Comments:0 | Tags:Cryptocurrency Data loss Google Google Chrome Malvertising M

Grandoreiro Malware Now Targeting Banks in Spain

During the past few months, IBM X-Force researchers have noticed a familiar malware threat that typically affects bank customers in Brazil has spread to attack banks in Spain. The rise in campaigns prompted us to look into it further. Grandoreiro, a remote-overlay banking Trojan, has migrated to Spain without significant modification, proving that attackers
Publish At:2020-04-13 10:30 | Read:420 | Comments:0 | Tags:Malware Threat Research Banking Banking Malware Banking Troj

Chrome may bring back ‘www’ with option to show full URLs

byLisa VaasEnough people must have griped about the loss of “www” and “https” in Chrome’s address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to “Always Show Full URLs.”You can see what the final rendition of the “Show Full URLs̶
Publish At:2020-03-30 10:29 | Read:471 | Comments:0 | Tags:Google Google Chrome Web Browsers Always Show Full URLs Cana

COVID-19 disruption delays release of Chrome version 81

byJohn E DunnIt’s the COVID-19 shortage nobody expected – not toilet rolls, tinned goods or headache pills this time but Google software engineers.It’s a problem that many believe explains the abrupt decision by Google to delay the release of Chrome 81, the stable version of which was scheduled to start appearing on users’ computers on 17 March.This wa
Publish At:2020-03-20 07:42 | Read:520 | Comments:0 | Tags:Google Google Chrome Web Browsers chrome Chrome 80 chrome 81

A week in security (December 23 – 29)

Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: Now an annual tradition for close to a decade, SplashData u
Publish At:2019-12-30 16:50 | Read:781 | Comments:0 | Tags:A week in security a week in security Google Chrome online p

DNS-over-HTTPS is coming to Windows 10

byJohn E DunnFor fans of DNS-over-HTTPS (DoH) privacy, it must feel like a dam of resistance is starting to break.Mozilla Firefox and Cloudflare were the earliest adopters of this controversial new way to make DNS queries private by encrypting them, followed not long after by the weight of Google, which embedded DoH into Chrome as a non-default setting.This
Publish At:2019-11-21 12:35 | Read:822 | Comments:0 | Tags:Firefox Google Google Chrome Microsoft Privacy Web Browsers

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:1316 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

A week in security (September 16 -22)

Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year’s most dangerous forms of malware, with a new spam campaign. We also reported on how international students in UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and introduced Malwarebytes Browser Guard. Finally, we looked at the
Publish At:2019-09-23 23:25 | Read:1289 | Comments:0 | Tags:A week in security amazon Browser guard data destruction edu

Safari, Chrome, Firefox: Which is the most private browser for Mac?

Everyone needs a web browser, and while Safari comes pre-installed on Macs, many people choose to use a different browser. You may want to do this for compatibility reasons—there may be sites or services you use that Safari doesn't handle correctly—or because you use a different browser at work; if you want to be able to sync bookmarks and history from your
Publish At:2019-09-19 16:40 | Read:1803 | Comments:0 | Tags:Security & Privacy Brave browser browsers Chrome Chrome Brow

Is Safari the most private browser for iPhone and iPad?

If there's one app that just about everyone uses on their iPhone, iPad, or iPod touch, it's a web browser. You use your browser to get information, to shop, and for entertainment. iOS devices come with Apple's Safari browser pre-installed, but you can use a different browser if you wish. Unfortunately, on iOS you can't set a different browser as the default,
Publish At:2019-09-19 16:40 | Read:1705 | Comments:0 | Tags:Software & Apps Brave browser browsers Chrome Chrome Browser

Firefox and Chrome rolling out DNS over HTTPS (DoH) feature

Earlier this month, Mozilla announced that Firefox will begin enabling “DNS over HTTPS” (DoH) by default for USA-based users. Not intending to be left behind in the pursuit of safer browsing, Google has announced that it, too, will begin experimenting with the feature; Chrome 78 will validate Google’s implementation of DNS over HTTPS.What DNS over HTTPS (DoH
Publish At:2019-09-19 16:40 | Read:1058 | Comments:0 | Tags:Security News Chrome DNS over HTTPS Firefox Google Chrome

Google released a Chrome 61 update that patches 2 High-Risk Flaws

Google has just released an updated version of Chrome 61, version 61.0.3163.100, that addresses 3 security flaws, two of which rated high-severity. The new version is already available for Windows, Mac, and Linux users and includes a total of three vulnerabilities. The first high-risk bug, tracked as CVE-2017-5121, is an Out-of-bounds access in V8 reported b
Publish At:2017-09-23 09:15 | Read:3389 | Comments:0 | Tags:Breaking News Security Bug Bounty Chrome High-Risk Flaws Goo

Dissecting the Chrome Extension Facebook malware

It’s been a few days since Kaspersky Lab’s blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers where doing the same, including Frans Rosén, Security Advisor at Detectify. After Frans saw David’s tweet about the blog po
Publish At:2017-08-31 14:55 | Read:3797 | Comments:0 | Tags:Research Browser Plugins Google Chrome Social Engineering So

Announce

Share high-quality web security related articles with you:)

Tools