Web Browsers

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.


0 sec read

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.


1 min read

Fingerprinting iPhones with the built-in gyroscope

Some rather ingenious researchers have found a way to unique identify iPhones and iPads by examining data gathered from a device’s accelerometer, gyroscope and magnetometer sensors.


52 sec read

A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability

Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.


36 sec read

bitdefender.com

It doesn’t matter if you don’t use Internet Explorer, you could still be at risk from this IE zero-day vulnerability

Even if you don’t use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Coinhive, the in-browser cryptomining service beloved by hackers, is dead

“To be completely honest, it isn’t economically viable anymore,” says Coinhive.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Join me to learn more about Magecart attacks – and how to defend against them

Attacks that can silently skim payment data as it is entered on websites have become a huge problem.

Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.


1 min read

bitdefender.com

Automatic 4K/HD for YouTube extension pulled from Chrome Store for pop-up ad abuse

A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Google Chrome extension warns if your password has been leaked

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Search for Chrome on Bing, and you might get a nasty surprise

It’s 2018, and you can still end up with your computer compromised by searching for Google Chrome in Microsoft Bing.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

How to crash and restart an iPhone with a CSS-based web attack

A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage.

Read more in my article on the Hot for Security blog.


0 sec read

TV Licence website said it was secure. It wasn’t

The official UK TV licensing website was allowing licence purchasers to submit their personal identifiable information and bank details in unsafe, unencrypted plaintext.


2 min read

Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams

What’s the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show’s hosts is going to admit to cheating in their exams?

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.


1 min read

If an extension goes rogue, everything you do in your browser is compromised

The official Chrome browser extension for Mega.nz was compromised with a malicious update, stealing passwords and private keys.

Keep your browser extensions to a minimum, and always be wary if they ask for elevated permissions.


2 min read

Smashing Security #088: PayPal’s Venmo app even makes your drug purchases public

Not one of Google’s 85,000 employees has had their accounts compromised by phishing in a year.  How have they done it? Find out in this podcast.

Also, we discuss with special guest Scott Helme how websites still using HTTP are now marked as “not secure” by Google Chrome, and if you’re buying drugs via PayPal’s Venmo app you should say goodbye to privacy.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault.


1 min read



Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.