Web Browsers

tripwire.com

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

This month’s Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Firefox users can now ‘isolate their Facebook identity’ from the rest of the web

Firefox’s Facebook Container add-on makes it harder for Facebook to track your web activity via third-party cookies.


1 min read

Smashing Security #067: Cyber stalking and gun control

Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of “multitasking” in his hotel room, and Carole champions the students of Parkland, Florida.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.


1 min read

How to protect your browser from Unicode domain phishing attacks

Phishers and other online crooks are taking advantage of Unicode domain names in their pursuit of your passwords and other sensitive information. Here’s a simple way to protect yourself.


2 min read

welivesecurity.com

Patch now! Microsoft fixes over 50 serious security flaws

This week saw the second Tuesday of the month, and everyone who is responsible for protecting Windows computers knows what that means: another bundle of security patches have been released by Microsoft.

Read more in my article on the We Live Security blog.


0 sec read

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

If you don’t want to disable your ad blocker, maybe you’ll feel comfortable letting Salon.com run code from Coinhive which will gobble up your computer’s resources to mine some Monero cryptocurrency.


1 min read

welivesecurity.com

All HTTP websites to soon be marked as ‘not secure’ by Google Chrome

If you’re still running a website that is using insecure HTTP then it’s time to wake up and drink the coffee.

Because unless you take action soon, you’re going to find many of your visitors are going to distrust your website.

Read more in my article on the We Live Security blog.


0 sec read

bitdefender.com

Security hole meant Grammarly would fix your typos, but let snoopers read your private writings

A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.

Read more in my article on the Hot for Security blog.


0 sec read

MailChimp plugs a hole that could have leaked your email address

MailChimp has been leaking subscribers’ email addresses. But it’s not the biggest leak ever, and certainly not the most practical to exploit at a large scale.


1 min read

bitdefender.com

Opera browser updated to stop crypto-currency mining

A new version of the Opera browser contains an anti-cryptocurrency mining feature that will surely be well-received by the majority of users.

Read more in my article on the Hot for Security blog.


0 sec read

Automatic autofill of your username and password? Not a good idea

Is your browser’s built-in login manager leaking your username (and possibly your password too)?


1 min read

Smashing Security podcast #058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO

Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.


2 min read

Smashing Security podcast #053: Game of Thrones, a major Amazon cloud leak, and web tracking gone crazy

The FBI think they’ve identified the HBO hacker, the US military have been caught with a leaky bucket, and web tracking has just got scarier than ever.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Iain Thomson from The Register.


1 min read

Smashing Security #049: Hacking funeral homes, crypto mining websites, and careful with that hairspray

Scammers show a lack of imagination after hacking a funeral home, more websites are secretly stealing visitors’ resources to mine for cryptocurrency, and everyone is very confused about the USA’s airline laptop ban.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register’s John Leyden.


1 min read

tripwire.com

How to make your Google account more secure than ever before

Google Advanced Protection isn’t for everyone. But for high-risk Google accounts it’s a must.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Do you trust your browser to save your credit card data and shipping info?

Technology could mean the end of sharing your credit card details with vendors.

David Bisson reports.


1 min read