HackDig : Dig high-quality web security articles

A week in security (June 20 – June 26)

Last week on Malwarebytes Labs: LinkedIn scams are a “significant threat”, warns FBIDDoS-for-hire service provider jailedInternet Safety Month: 7 tips for staying safe online while on vacationClient-side Magecart attacks still around, but more covertSecurity vulnerabilities: 5 times that organizations got hackedYou can be tracked online using
Publish At:2022-06-27 07:53 | Read:140 | Comments:0 | Tags:A week in security 311 7-zip APT28 catfishing chrome conti C

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.Over a Dozen Flaws Found in Siemens’ Industrial Network Manag
Publish At:2022-06-27 06:20 | Read:135 | Comments:0 | Tags:VERT News Chrome critical vulnerability tracking WordPress s

You can be tracked online using your Chrome browser extensions

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of informa
Publish At:2022-06-21 09:02 | Read:272 | Comments:0 | Tags:Privacy browsers chrome chromium extensions fingerprinting

A week in security (June 13 – June 19)

Last week on Malwarebytes Labs: Serious vulnerabilities found in ITarian software, patches available for SaaS productsUpdate Chrome now: Four high risk vulnerabilities foundTaking down the IP2Scam tech support campaignDon’t panic! “Unpatchable” Mac vulnerability discoveredIntroducing Malwarebytes Vulnerability Assessment for OneView: How to check for Comm
Publish At:2022-06-20 09:02 | Read:208 | Comments:0 | Tags:A week in security chrome confluence Confluence vulnerabilit

Update Chrome now: Four high risk vulnerabilities found

Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patch
Publish At:2022-06-13 12:59 | Read:196 | Comments:0 | Tags:Exploits and vulnerabilities chrome CVE exploit Google updat

A week in security (May 23 – 29)

Last week on Malwarebytes Labs: Update now! Nvidia released fixes for 10 flaws in Windows GPU driversChicago students lose data to ransomware attackersHunting down your data with Whitney Merrill: Lock and Code S03E11Unknown APT group has targeted Russia repeatedly since Ukraine invasionZero-day vulnerabilities in Chrome and Android exploited by commercial
Publish At:2022-05-30 12:59 | Read:471 | Comments:0 | Tags:A week in security Android APT awis chrome ChromeLoader dns

ChromeLoader targets Chrome Browser users with malicious ISO files

If you’re on the hunt for cracked software or games, be warned. Rogue ISO archive files are looking to infect your systems with ChromeLoader. If you think campaigns such as this only target Windows users, you’d sadly be very much mistaken. The attack sucks in several operating systems and even uses mobiles as bait to draw in additional victims. Of PowerSh
Publish At:2022-05-26 09:12 | Read:328 | Comments:0 | Tags:Scams browser extension chrome ChromeLoader cracked torrent

Update now! Multiple vulnerabilities patched in Google Chrome

Google has announced an update for the Chrome browser that includes 32 security fixes. The severity rating for one of the patched vulnerabilities is Critical. The stable channel was promoted to 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux. Critical Google rates vulnerabilities as critical if they allow an attacker to run arbi
Publish At:2022-05-25 09:01 | Read:319 | Comments:0 | Tags:Exploits and vulnerabilities chrome critical cve-2022-1853 I

Long lost @ symbol gets new life obscuring malicious URLs

Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organization recently. While the attackers are still unknown, Perc
Publish At:2022-05-17 12:59 | Read:550 | Comments:0 | Tags:Social engineering @ delimiter @ in URL "@" symbol in URL Br

A week in security (May 9 – 15)

Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scamVirtual credit cards coming to Chrome: What you need to knowClearview AI banned from selling facial recognition data in the USCyberattacks on SATCOM networks attributed to Russian threat actorsF5 BIG-IP vulnerability is now being used to disable serversCollege closes down after
Publish At:2022-05-16 09:01 | Read:520 | Comments:0 | Tags:A week in security APT34 canon chrome Clearview AI conti F5

Virtual credit cards coming to Chrome: What you need to know

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual cr
Publish At:2022-05-12 12:59 | Read:787 | Comments:0 | Tags:Privacy chrome Google payment virtual credit card

Update now! Microsoft releases patches, including one for actively exploited zero-day

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the
Publish At:2022-05-11 12:59 | Read:469 | Comments:0 | Tags:Exploits and vulnerabilities adobe Azure chrome Cisco cve-20

A special browser designed for online banking. Good idea, or not so much?

The German Sparkasse bank has launched a browser that is especially designed to do your online banking. The browser called S-Protect is available for macOS and Windows users. The idea is interesting, since having a separate browser for banking can certainly add an extra layer of security. Separate browsers Unfortunately there is a low correlation fa
Publish At:2022-05-09 08:52 | Read:539 | Comments:0 | Tags:Web threats chrome coronic s-protect sparkasse

Google fixed third zero-day in Chrome since the start of 2022

h2>Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The C
Publish At:2022-04-15 06:26 | Read:672 | Comments:0 | Tags:Breaking News Security Chrome Hacking hacking news informati

April’s Patch Tuesday update includes fixes for two zero-day vulnerabilities

p>It’s that time of the month again. Time to check what needs to be updated and prioritize where necessary. The Microsoft updates include at least two zero-day vulnerabilities that deserve your attention. Microsoft Microsoft has released security updates and non-security updates for client and server versions of its Windows operating system and other c
Publish At:2022-04-13 12:48 | Read:1032 | Comments:0 | Tags:Exploits and vulnerabilities chrome cve-2022-24491 Edge micr

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3