Archive for the ‘security’ Category

Chrome’s JavaScript Popup Handling Changes

Friday, March 31st, 2017

It’s surprising that Chrome has taken so long to implement changes that protect users from malicious pop-up ads; Firefox took care of this problem years ago.

Google implemented a change in Chrome’s JavaScript popup handling behavior recently that restricts JavaScript popups. The change, which landed in Chrome Canary and Dev already, improves the handling of JavaScript alert(), confirm() and prompt() dialogs that pages may throw in the browser. Chrome up until now, and that is still true for Chrome Stable and Beta, handled these JavaScript dialogs per browser-window.

Malwarebytes Releases Another Beta to Fix Malwarebytes 3 issues

Wednesday, March 29th, 2017

It’s starting to sound like they may have rolled out Malwarebytes 3 a bit too early; it doesn’t exactly boost user confidence to release a security program with this many bugs.

Security company Malwarebytes has released another beta version for its flagship product Malwarebytes 3 to fix long-standing issues in the program. Malwarebytes 3, a new product born out of the ashes of Malwarebytes Anti-Malware, Anti-Exploit, and Anti-Ransomware, has been plagued by bugs ever since its release.

Full LastPass 4.1.42 Exploit Discovered

Tuesday, March 21st, 2017

Password managers must make an incredibly tempting target for hackers. Heads up, LastPass users!

Tavis Ormandy, a prolific member of Google’s Project Zero initiative, revealed that he discovered a new security issue in LastPass 4.1.42 (and maybe earlier). Ormandy revealed that he discovered an exploit, but did not reveal it. Project Zero discoveries are reported to the companies who produce the affected products. The companies have 90 days to react, usually by creating a new product version that they make available publicly to all customers.

Pwn2Own 2017: Windows, Ubuntu, Edge, Safari and Firefox Exploited

Friday, March 17th, 2017

The good news is that Chrome managed to resist hacking (this time).

The tenth anniversary of the Pwn2Own gathering of hackers, Pwn2Own 2017, saw eleven teams attempt to exploit products across four categories. The products that teams were allowed to target this year included operating systems and web browsers, but also the new product categories Enterprise applications and server-side. Programs like Adobe Reader and Apache Web Server were added as targets by the Pwn2Own committee.

NoScript 5.0 Add-On for Firefox Released

Wednesday, March 15th, 2017

Although it’s a bit of a hassle to continuously whitelist the sites that you want to allow, the ability to block scripts is probably one of the most effective PC security measures available.

NoScript 5.0, a popular script blocker (and more) for Firefox, has just been released to the public after two release candidate build releases. The browser add-on is a script blocker first and foremost. It blocks any script from running on sites you visit, unless you whitelist them. The approach makes it one of the best add-ons from a security point of view, but means that you will have to adjust website permissions regularly as sites may fail to load completely or partially due to scripts not being loaded when the site is opened in the Firefox web browser.

Windows Defender Application Guard – A Quick Summary

Tuesday, March 14th, 2017

Protection for Windows Edge is a nice start, but Microsoft needs to go a step further and include protection for IE as well as the user’s system.

Windows Defender Application Guard is a new security feature of the Windows 10 operating system that Microsoft revealed back in 2016. The company revealed back then that it would integrate the feature in a future Windows Insider build before shipping it with the new feature update of Windows, the Windows 10 Creators Update.

Security Issues Found in Nine Password Managers for Android (LastPass, Dashlane, …)

Monday, March 6th, 2017

Considering how often major security problems with password managers seem to turn up, you’d probably be better off just writing your passwords down on the back of a business card.

Security researchers of the Fraunhofer Institute found severe security issues in nine password managers for Android that they analyzed as part of their research. Password managers are a popular option when it comes to storing authentication information. All promise secure storage either locally or remotely, and some may add other features to the mix such as password generation, automatic sign-ins, or the saving of important data such as credit card numbers or PINs.

Report – Non-Admin Accounts Mitigate 94% of Critical Windows Vulnerabilities

Wednesday, March 1st, 2017

This probably goes without saying, but here it is anyway, just in case anyone needs a reminder.

A new report suggests that Windows admins and users could mitigate 94% of all critical vulnerabilities automatically by running non-admin accounts. It is common sense that using standard user accounts on Windows, as opposed to accounts with elevated privileges, is a good security practice. The main reason behind this practice is simple: if a user cannot perform certain operations due to limited rights, then malware can’t perform those operations either.

Google Discloses Edge and IE Vulnerability

Monday, February 27th, 2017

This is a fairly serious vulnerability. It’s surprising that we’re hearing about this from Google, rather than Microsoft.

Google disclosed a security vulnerability in Microsoft Edge and Internet Explorer yesterday that Microsoft failed to patch up until now. This is the second vulnerability that Google disclosed this month. Last week, the company disclosed a Windows vulnerability that affected the gdi32.dll dynamic link library in Windows. The new vulnerability that Google disclosed yesterday affects the web browsers Microsoft Internet Explorer and Microsoft Edge.

Chrome – The “HoeflerText Font wasn’t Found” Scam

Friday, February 24th, 2017

Here’s a clever new scam that disguises itself as a font error.

It is interesting from a purely scientific angle how attackers come up with new methods and schemes to distribute malicious payloads onto user systems. “The ‘HoeflerText’ font wasn’t found” is a recent attack that changes website text so that it looks as if a font is missing, to get users to download and install an alleged update for Chrome that adds the font to the system.
