Web Browsers


49 crypto-wallet pickpocketing browser extensions booted from the Chrome web store

Hackers have been using Google Ads to target unsuspecting cryptocurrency investors into installing malicious browser extensions, with the aim of stealing passphrases and private keys and draining funds from their wallets.

Read more in my article on the Hot for Security blog.

Patch now! Microsoft releases fixes for 99 security flaws, some being actively exploited by hackers

It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”

The clock is ticking. IT teams should waste no time in readying themselves for a roll-out across the Windows computers for which they’re responsible.

Dashlane password manager’s Chrome extension has disappeared

The Dashlane Password Manager browser extension was suddenly removed from the Chrome web store this weekend.

Microsoft’s Internet Explorer zero-day workaround is breaking printing

Microsoft’s workaround for an unpatched vulnerability that is being exploited in targeted attacks by hackers appears to be causing printer errors.

Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now

Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store.

Although an embarrassing goof, it’s something of a storm in a teacup security-wise.

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

Stop everything. Update Firefox now

A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.

Make sure you are running the very latest version of Firefox.


CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.

Fingerprinting iPhones with the built-in gyroscope

Some rather ingenious researchers have found a way to unique identify iPhones and iPads by examining data gathered from a device’s accelerometer, gyroscope and magnetometer sensors.

A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability

Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.


It doesn’t matter if you don’t use Internet Explorer, you could still be at risk from this IE zero-day vulnerability

Even if you don’t use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.

Read more in my article on the Hot for Security blog.


Coinhive, the in-browser cryptomining service beloved by hackers, is dead

“To be completely honest, it isn’t economically viable anymore,” says Coinhive.

Read more in my article on the Tripwire State of Security blog.

Join me to learn more about Magecart attacks – and how to defend against them

Attacks that can silently skim payment data as it is entered on websites have become a huge problem.

Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.


Automatic 4K/HD for YouTube extension pulled from Chrome Store for pop-up ad abuse

A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements.

Read more in my article on the Hot for Security blog.


Google Chrome extension warns if your password has been leaked

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.