Browsers – Page 9 – Computer Security Articles

Credit to Author: Gregg Keizer| Date: Mon, 06 May 2019 12:21:00 -0700

Mozilla over the weekend scrambled to come up with a fix for a bug that crippled most Firefox add-ons.

Engineers issued an update for the desktop browser Sunday afternoon that addressed the issue. That update followed a Saturday hotfix released via a little-known component that lets Mozilla feed pre-release code to Firefox users and then collect data from the browser.

The problem was traced to the certificate used by Mozilla to digitally sign Firefox extensions. When the organization neglected to renew the certificate, Firefox assumed the add-ons could not be trusted – that they were, in other words, illegitimate at best, potentially malicious at worst – and then disabled any already installed. Add-ons could not be added to the browser for the same reason.

To read this article in full, please click here

ComputerWorld Independent

Microsoft connects rival browsers to Windows 10's Application Guard

March 26, 2019 admin Browsers, Security, windows

Credit to Author: Gregg Keizer| Date: Tue, 26 Mar 2019 03:00:00 -0700

Microsoft earlier this month released a pair of add-ons for Google’s Chrome and Mozilla’s Firefox to cobble together an unwieldy connection between those browsers, Edge and Windows 10’s advanced security technology, Windows Defender Application Guard (WDAG).

The debut of the browser extensions – separate add-ons for Chrome and Firefox – was quietly plugged at the end of a March 15 blog post relating a recent Windows Insider build. That build, 18358, will lead, presumably next month, to Windows 10’s next feature upgrade, labeled 1903 and also Windows 10 April 2019 Update.

To read this article in full, please click here

ComputerWorld Independent

Mozilla to harden Firefox defenses with site isolation, a la Chrome

February 14, 2019 admin Browsers, Security, software

Credit to Author: Gregg Keizer| Date: Thu, 14 Feb 2019 11:13:00 -0800

Mozilla plans to boost Firefox’s defensive skills by mimicking the “Site Isolation” technology introduced to Google’s Chrome last year.

Dubbed “Project Fission,” the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device’s memory of critical information, such as authentication credentials and encryption keys.

“We aim to build a browser which isn’t just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities,” Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. “To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation.” Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here

Kaspersky Security

Crazy Razy, bitcoin thief

January 24, 2019 admin bitcoin, Browsers, chrome, cryptocurrencies, extensions, Firefox, news, plugins, Razy, Threats, trojans

Credit to Author: Pavel Shoshin| Date: Thu, 24 Jan 2019 16:07:51 +0000

The Razy Trojan secretly installs malicious extensions for Chrome and Firefox to serve phishing links and steal cryptocurrency.

ComputerWorld Independent

Firefox adds in-browser notification of breached sites

November 16, 2018 admin Browsers, Security, software

Credit to Author: Gregg Keizer| Date: Fri, 16 Nov 2018 13:10:00 -0800

Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers.

Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).

Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. “Your email address will be scanned against those data breaches, and we’ll let you know through a private email if you were involved,” wrote Nick Nguyen, Mozilla’s vice president of product strategy, in a Sept. 25 post to a company blog.

To read this article in full, please click here

MalwareBytes Security

Google logins: JavaScript now required

November 7, 2018 admin Browsers, cybercrime, google, Google logins, JavaScript, login, logins, phishing, privacy, Security

Credit to Author: Christopher Boyd| Date: Wed, 07 Nov 2018 16:00:00 +0000

Google now requires users to enable JavaScript before logging in for extra security measures. But wait, hasn’t JavaScript been used in cyberattacks? We take a look at the impact of Google’s decision.

Categories:

Tags: browsers Google Google logins JavaScript login logins phishing security

(Read more…)

The post Google logins: JavaScript now required appeared first on Malwarebytes Labs.

Kaspersky Security

New leakage of Facebook user data, including private messages

November 2, 2018 admin Browsers, chrome, extensions, Facebook, Firefox, leaks, personal data, plugins, privacy, Threats

Credit to Author: Alex Drozhzhin| Date: Fri, 02 Nov 2018 16:31:32 +0000

The personal data of 257,000 Facebook users, including private messages belonging to 81,000 of them, has leaked online. Hackers claim to have access to 120 million accounts.

ComputerWorld Independent

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20

October 16, 2018 admin Browsers, Security

Credit to Author: Gregg Keizer| Date: Tue, 16 Oct 2018 04:06:00 -0700

The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

“In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1,” wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

To read this article in full, please click here