New browser extensions for integrating Microsoft’s hardware-based isolation

Credit to Author: Eric Avena| Date: Thu, 23 May 2019 15:50:07 +0000

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox. We introduced the container technology in 2017. Since then, we have been evolving the technology and engaging with customers to understand how hardware-based isolation can best help…

The post New browser extensions for integrating Microsoft’s hardware-based isolation appeared first on Microsoft Security.

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Credit to Author: BrianKrebs| Date: Wed, 23 Jan 2019 02:44:28 +0000

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.

Microsoft Patch Tuesday, May 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 May 2018 20:38:16 +0000

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness. First, the Flash Tuesday update, which brings Flash Player to v. 29.0.0.171. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.

Look-Alike Domains and Visual Confusion

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

Microsoft Patch Tuesday, February 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Feb 2018 21:13:27 +0000

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.

Attackers Exploiting Unpatched Flaw in Flash

Credit to Author: BrianKrebs| Date: Fri, 02 Feb 2018 14:21:06 +0000

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses. Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.
