Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Chrome. Show all posts
Opera
Chrome Cloud Internet malware Opera

Malware Campaign Uses Fake CAPTCHAs, Tricks Online Users


Researchers at Netskope Threat Labs have found a new malicious campaign that uses tricky tactics to distribute the Legion Loader malware. The campaign uses fake CAPTCHAs and CloudFlare Turnstile to trap targets into downloading malware that leads to the installation of malicious browser extensions. 

Malware campaign attacks users via fake CAPTCHAs

The hackers have attacked over 140 Netskope customers situated in Asia, North America, and Southern Europe throughout different segments, driven by the financial and tech sectors. 

Netskope has been examining different phishing and malware campaigns targeting users who look for PDF documents online. Hackers use tricky ways within these PDFs to resend victims to malicious websites or lure them into downloading malware. In the newly found campaign, they used fake CAPTCHAs and Cloudflare Turnstile to distribute the LegionLoader payload. 

Important stages in the attack chain

The infection begins with a drive-by download when a target looks for a particular document and is baited to a malicious site.

The downloaded file contains a fake CAPTCHA. If clicked, it redirects the user via a Clloudfare Turnstile CAPTCHA to a notification page. 

In the last step, victims are urged to allow browser notifications.

Attack tactic in detail

When a user blocks the browser notification prompt or uses a browser that doesn’t support notifications, they are redirected to download harmless apps like Opera or 7-Zip. However, if the user agrees to receive browser notifications, they are redirected to another Cloudflare Turnstile CAPTCHA. Once this is done, they are sent to a page with instructions on how to download their file.

The download process requires the victim to open the Windows Run window (win + r) and put content copied to the clipboard (ctrl + v), and “ execute it by pressing enter (we described a similar approach in a post about Lumma Stealer),” Netscope said. In this incident, the command in the clipboard uses the “ command prompt to run cURL and download an MSI file.” After this, the “command opens File Explorer, where the MSI file has been downloaded. When the victim runs the MSI file, it will execute the initial payload.”

Hackers use different tactics to avoid getting caught

To avoid detection, the campaign uses a legitimate VMware-signed app that sideloads a malicious DLL to run and load the LegionLeader payload. Later, a new custom algorithm is used to remove the LegionLeader shellcode loader. 

In the final stage, the hackers install a malicious browser extension that can steal sensitive info across different browsers, such as Opera, Chrome, Brave, and Edge. Netscope warns of an alarming trend where hackers are targeting users searching for PDF docs online via sophisticated tactics to install malware.

Read more »
MPIC
Chrome Cyber Security Google https Linting MPIC

Google sets new rules to improve internet safety through better website security

 




Google is taking major steps to make browsing the web safer. As the company behind Chrome, the most widely used internet browser, Google’s decisions shape how people all over the world experience the internet. Now, the company has announced two new safety measures that focus on how websites prove they are secure.


Why is this important?

Most websites use something called HTTPS. This means that the connection between your device and the website is encrypted, keeping your personal data private. To work, HTTPS relies on digital certificates that prove a website is real and trustworthy. These certificates are issued by special organizations called Certificate Authorities.

But hackers are always looking for ways to cheat the system. If they manage to get a fake certificate, they can pretend to be a real website and steal information. To prevent this, Google is asking certificate providers to follow two new safety processes.


The first method: double-checking website identity (MPIC)

Google is now supporting something called MPIC, short for Multi-Perspective Issuance Corroboration. This process adds more layers of checking before a certificate is approved. Right now, website owners only need to show they own the domain once. But this can be risky if someone finds a way to fake that proof.

MPIC solves the issue by using several different sources to confirm the website’s identity. Think of it like asking multiple people to confirm someone’s name instead of just asking one. This makes it much harder for attackers to fool the system. The group that oversees certificate rules has agreed to make MPIC a must-follow step for all providers.


The second method: scanning certificates for errors (linting)

The second change is called linting. This is a process that checks each certificate to make sure it’s made properly and doesn’t have mistakes. It also spots certificates that use outdated or weak encryption, which can make websites easier to hack.

Linting helps certificate providers stick to the same rules and avoid errors that could lead to problems later. Google has mentioned a few free tools that can be used to carry out linting, such as zlint and certlint. Starting from March 15, 2025, all new public certificates must pass this check before they are issued.


What this means for internet users

These changes are part of Google’s ongoing plan to make the internet more secure. When websites follow these new steps, users can be more confident that their information is safe. Even though these updates happen in the background, they play a big role in protecting people online.



Read more »
Malware Attack
Chrome Cyber Attacks Cyble Cyble research data security Data Theft Google Chrome security Malware Attack

Sophisticated Malware Bypasses Chrome App-Bound Encryption Using Dual Injection

 

Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies. 

However, the newly discovered malware employs dual injection techniques to circumvent these defenses, allowing cybercriminals to extract sensitive credentials. The attack begins with a deceptive file distribution method. The malware is embedded within a ZIP file disguised as a PDF document. 

When opened, it executes a malicious LNK shortcut file that creates a scheduled task, running every 15 minutes. Another component of the attack is an XML project file, which is designed to appear as a PNG image, further tricking users into engaging with the malicious content.  

To execute its payload, the malware exploits MSBuild.exe, a legitimate Microsoft development tool. This enables it to run directly in system memory without creating detectable files on the disk, making it much harder for traditional security solutions to identify and stop the attack. The use of fileless execution techniques ensures that the malware operates stealthily while maintaining persistence on an infected system. 

A key aspect of this attack is its dual injection approach. The malware employs both Process Injection and Reflective DLL Injection to execute malicious code within legitimate system processes. This method allows it to blend in with normal activity while avoiding detection. By targeting Chrome’s security framework, the malware can extract encrypted login data, cookies, and other sensitive browser-stored information. 

The malware also leverages the Telegram Web API for command and control communications. This connection enables threat actors to issue remote commands, modify bot configurations, and control infected systems with minimal interference. The dynamic bot ID switching feature adds an additional layer of stealth, ensuring continued access even if parts of the attack infrastructure are disrupted. Cyble researchers noted that the malware appears to be specifically targeting organizations in Vietnam, particularly those in the telemarketing and sales industries.

However, the method it uses could be adapted for broader campaigns, posing a risk to businesses and individuals globally. The initial infection method remains unclear, but it likely involves phishing emails or malicious downloads.  

To mitigate the risk of such attacks, Cyble recommends implementing strict email attachment filtering, restricting the execution of unverified files, and enhancing user awareness about phishing threats. 

Organizations should also deploy advanced security solutions capable of detecting fileless malware attacks. The research highlights the evolving nature of cyber threats and the need for proactive cybersecurity measures to safeguard sensitive data.
Read more »
Privacy
Browsing Cache Chrome Cookies Privacy

Why Clearing Cache and Cookies Matters for Safe Browsing

 


It seems to be a minor step, clearing your cache and cookies, but it is really a big factor in improving online safety and making your browsing easier. While these tools are intended to make navigation on the web faster and easier, they can sometimes create problems. Let's break this down into simple terms to help you understand why refreshing your browser is a good idea.

What are cache and cookies?

Cache: Think of the cache as your browser's short-term memory. When you visit a website, your browser saves parts of it—like images, fonts, and scripts—so the site loads faster the next time. For example, if you shop online more often, product images or banners might pop out quickly because they have been stored in your cache. This feature improves your surfing speed and reduces internet usage.

Cookies: Cookies are tiny text files that are stored on your browser. They help the websites remember things about you, such as your login details or preferences. For instance, they can keep you logged in to your email or remember items in your shopping cart. There are two main types of cookies:  

  • First-party cookies: Created by the website you're visiting to improve your experience.
  • Third-party cookies: From other websites, usually advertisers, and will be tracking your activities across various different sites.

Why Cache and Cookies Can Be Slippery

Cache Risks: The cache does help speed up things. Sometimes, however, it creates problems. The files in the cache may get outdated or corrupt and hence load a website wrongly. Web hackers can exploit the cached data by "web cache poisoning" which makes the user download bad content.

Cookie Risks: Cookies can be misused too. If someone steals your cookies, they could access your accounts without needing your password. Third-party cookies are particularly invasive, as they track your online behavior to create detailed profiles for targeted advertising.  

Why Clear Cache and Cookies?  

1. Fix Website Problems: Clearing the cache deletes outdated files, helping websites function smoothly.  

2. Protect Your Privacy: Removing cookies stops advertisers from tracking you and reduces the risk of hackers accessing your accounts.  

3. Secure Common Devices: If you’re using a public or shared computer, clearing cookies ensures your data isn’t accessible to the next user.  

How to Clear Cache and Cookies  

 Here is a quick tutorial for Google Chrome.

1. Open the browser and click on the three dots in the top-right corner.  

2. Go to Settings and select Privacy and Security.  

3. Click Clear Browsing Data.  

4. Check the boxes for "Cookies and other site data" and "Cached images and files."  

5. Select a time range (e.g., last hour or all time) and click Clear Data.

Clearing your cache and cookies is essentially the refresh button for your browser. It helps resolve problems, increases security, and guarantees a smoother, safer browsing experience. Regularly doing this simple task can make all the difference to your online privacy and functionality.


Read more »
User Data
Amazon Chrome Cookie Data Facebook Safari Technology User Data

No More Internet Cookies? Digital Targeted Ads to Find New Ways


Google Chrome to block cookies

The digital advertising world is changing rapidly due to privacy concerns and regulatory needs, and the shift is affecting how advertisers target customers. Starting in 2025, Google to stop using third-party cookies in the world’s most popular browser, Chrome. The cookies are data files that track our internet activities in our browsers. The cookie collects information sold to advertisers, who use this for targeted advertising based on user data. 

“Cookies are files created by websites you visit. By saving information about your visit, they make your online experience easier. For example, sites can keep you signed in, remember your site preferences, and give you locally relevant content,” says Google.

In 2019 and 2020, Firefox and Safari took a step back from third-party cookies. Following their footsteps, Google’s Chrome allows users to opt out of the settings. As the cookies have information that can identify a user, the EU’s and UK’s General Data Protection Regulation (GDPR) asks a user for prior consent via spamming pop-ups. 

No more third-party data

Once the spine of targeted digital advertising, the future of third-party cookies doesn’t look bright. However, not everything is sunshine and rainbows. 

While giants like Amazon, Google, and Facebook are burning bridges by blocking third-party cookies to address privacy concerns, they can still collect first-party data about a user from their websites, and the data will be sold to advertisers if a user permits, however in a less intrusive form. The harvested data won’t be of much use to the advertisers, but the annoying pop-ups being in existence may irritate the users.

How will companies benefit?

One way consumers and companies can benefit is by adapting the advertising industry to be more efficient. Instead of using targeted advertising, companies can directly engage with customers visiting websites. 

Advances in AI and machine learning can also help. Instead of invasive ads that keep following you on the internet, the user will be getting information and features personally. Companies can predict user needs, and via techniques like automated delivery and pre-emptive stocking, give better results. A new advertising landscape is on its way.

Read more »
Technology
Apple Chrome Google Internet Safari Safe Browsing Technology

Choosing the Right Browser: Privacy Tips from Apple and Google

Apple vs. Google: The Battle for Browser Privacy

Apple has launched an ad campaign urging over a billion iPhone users to stop using Google Chrome, citing privacy concerns. This campaign has sparked a heated debate between two tech giants, Apple and Google, over the best way to protect user privacy online.

Apple’s Stance on Privacy

Apple has long positioned itself as a champion of user privacy. In its latest campaign, Apple highlights the extensive use of tracking cookies by Google Chrome. These cookies, Apple claims, follow users across the web, collecting data on their browsing habits. Apple argues that Chrome’s Incognito mode, which many users rely on for private browsing, isn’t truly private. According to Apple, Incognito mode still allows websites to track user activity, albeit to a lesser extent.

To counter these privacy concerns, Apple promotes its own browser, Safari, as a more secure alternative. Safari, Apple claims, uses Intelligent Tracking Prevention (ITP) to limit the ability of advertisers to track users across websites. This feature, combined with other privacy-focused tools, makes Safari a more attractive option for users who prioritize their online privacy.

Google’s Response

Google, on the other hand, has defended Chrome’s privacy practices. In response to Apple’s campaign, Google emphasized that Chrome is designed to keep user data safe and give users control over their privacy settings. Google points out that Chrome offers a range of privacy features, including the ability to block third-party cookies and manage site permissions.

Google also highlights its commitment to transparency. The company regularly updates its privacy policies and provides users with clear information about how their data is collected and used. Google argues that this transparency, combined with robust privacy controls, makes Chrome a trustworthy choice for users.

The Broader Context

This clash between Apple and Google is part of a larger conversation about online privacy. As more of our lives move online, the amount of data we generate has skyrocketed. This data is incredibly valuable to advertisers, who use it to target ads more effectively. However, this data collection has raised significant privacy concerns.

Many users are unaware of the extent to which their online activities are tracked. Even when using private browsing modes, such as Chrome’s Incognito mode, users may still be tracked by websites and advertisers. This has led to calls for greater transparency and stronger privacy protections.

Choosing the Right Browser

So, what does this mean for the average user? When choosing a browser, it’s important to consider your privacy needs. If you prioritize privacy and want to limit tracking as much as possible, Safari may be the better choice. Apple’s Intelligent Tracking Prevention and other privacy features can help protect your data from advertisers.

However, if you value customization and control over your browsing experience, Chrome offers a range of privacy tools that can be tailored to your needs. Google’s transparency about its data collection practices also provides users with a clear understanding of how their data is used.

Ultimately, the choice between Safari and Chrome comes down to personal preference. Both browsers have their strengths and weaknesses, and the best choice will depend on your individual privacy needs and browsing habits.

Read more »
Vulnerabilities and Exploits
Chrome Data Safety Mozilla Firefox Safety. Security Vulnerabilities and Exploits

18-Year-Old Vulnerability in Firefox and Chrome Actively Exploited in Cyber Attacks

 

A security vulnerability, identified 18 years ago and known as "0.0.0.0 Day," has been discovered to allow malicious websites to bypass security measures in Google Chrome, Mozilla Firefox, and Apple Safari. This vulnerability enables these websites to interact with services on a local network, posing significant risks.

It is important to note that this vulnerability affects only Linux and macOS devices and does not impact Windows systems. On the affected devices, attackers can exploit this flaw to remotely change settings, gain unauthorized access to protected information, and, in some cases, execute remote code. Despite being reported in 2008, this issue remains unresolved in Chrome, Firefox, and Safari, although all three browsers have acknowledged the problem and are working on a fix. Researchers at Oligo Security have observed multiple threat actors exploiting this vulnerability as part of their attack strategies.

The 0.0.0.0 Day vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization, which allows public websites to communicate with local network services using the "wildcard" IP address 0.0.0.0. Typically, this IP address represents all IP addresses on the local machine or all network interfaces on the host. It can also be used as a placeholder address in DHCP requests or interpreted as the localhost (127.0.0.1) in local networking. Malicious websites can send HTTP requests to 0.0.0.0 targeting services running on the user's local machine. Due to inconsistent security, these requests are often processed.

Existing protection mechanisms like Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA) fail to prevent this risky activity, according to Oligo. Web browsers typically prevent websites from making requests to third-party sites and using the returned information to protect against malicious websites connecting to other URLs in a visitor's web browser where they may be authenticated, such as online banking portals or email servers.

Unfortunately, the risk isn't just theoretical. Oligo Security has identified several cases where the 0.0.0.0 Day vulnerability is actively exploited. One such case is the ShadowRay campaign, documented last March, targeting AI workloads running locally on developers' machines. The attack begins when a victim clicks on a link that triggers JavaScript to send an HTTP request to 'http://0[.]0[.]0[.]0:8265', typically used by Ray. 

These requests reach the local Ray cluster, leading to scenarios of arbitrary code execution, reverse shells, and configuration alterations. Another campaign targeting Selenium Grid was discovered by Wiz, where attackers use JavaScript on a public domain to send requests to 'http://0[.]0[.]0[.]0:4444.' These requests are routed to the Selenium Grid servers, enabling code execution or network reconnaissance. The "ShellTorch" vulnerability, reported by Oligo in October 2023, involves the TorchServe web panel being bound to the 0.0.0.0 IP address by default, exposing it to malicious requests.

In response to Oligo's disclosure, web browser developers are starting to take action. Google Chrome, the world's most popular web browser, plans to block access to 0.0.0.0 via a gradual rollout from version 128 to version 133. Mozilla Firefox, which does not yet implement PNA, has set the development of this feature as a high priority and has initiated temporary fixes, though no rollout dates have been provided. Apple has implemented additional IP checks on Safari and will block access to 0.0.0.0 in version 18, introduced with macOS Sequoia.

Until browser fixes are fully implemented, Oligo recommends that app developers take the following security measures:

- Implement PNA headers.
- Verify HOST headers to protect against DNS rebinding attacks.
- Do not trust localhost—add authorization, even locally.
- Use HTTPS whenever possible.
- Implement CSRF tokens, even for local apps.

Most importantly, developers should be aware that until these fixes are rolled out, it is still possible for malicious websites to route HTTP requests to internal IP addresses. This security consideration should be kept in mind when developing apps.
Read more »
Zero-day Flaw
Browser Chrome User Security Vulnerability and Exploits Zero-day Flaw

'0.0.0.0 Day' Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

 

A critical security bug known as "0.0.0.0 Day" has shook the cybersecurity world, leaving millions of users of popular browsers such as Chrome, Firefox, and Safari vulnerable to future assaults. This vulnerability allows malicious actors to possibly gain access to files, messages, credentials, and other sensitive data saved on a device within a private network, specifically "localhost.” 

What is 0.0.0.0 day flaw?

The term "0.0.0.0 Day" refers to a new vulnerability identified by Israeli cybersecurity startup Oligo that hackers can exploit before a fix is released. The zeroes indicate a lack of prior information or awareness of flaws. This makes it especially risky because users and developers are taken completely off guard. 

According to the research, the exploit consists of fraudulent websites luring browsers into allowing them to interface with APIs (Application Programming Interfaces) running on a user's local PC. These APIs are primarily intended for internal communication within applications and should not be available from other sources, such as websites. Attackers that exploit the 0.0.0.0 Day vulnerability could possibly get unauthorised access to sensitive information saved on a user's device, steal data, or even launch malware. 

Impact on key browsers 

The security ramifications of this issue are extensive. Here's a closer look at the possible impact on major browsers. 

Chrome zero-Day vulnerability: Google Chrome, the world's most popular browser, is an obvious target for attackers. A successful exploit of the 0.0.0.0 Day bug could allow criminals to get beyond Chrome's security measures and get access to a user's local network. This could expose sensitive information kept on a user's PC, compromise corporate networks if a user works remotely, or even aid in the installation of malware. 

Firefox zero-day vulnerability: Although Firefox is not as extensively used as Chrome, it is a popular choice for many consumers. A successful exploit of the 0.0.0.0 Day vulnerability may have similar repercussions for Firefox users. Attackers could potentially obtain access to local networks, steal data, or carry out malware attacks. 

Safari Zero-Day vulnerability: The 0.0.0.0 Day vulnerability could also affect Apple's Safari browser, which is the default browser on all Apple devices. While Apple has a reputation for strong security, this vulnerability underlines the ongoing need for vigilance. A successful exploit can allow attackers access to a user's local network on a Mac or iOS device, possibly compromising private information or aiding new assaults. 

The disclosure of the 0.0.0.0 Day vulnerability underlines the ongoing challenge of ensuring browser security in an increasingly complicated threat ecosystem. Browser developers must continue to invest in R&D to remain ahead of thieves. Users must also be cautious and follow best practices to safeguard themselves from emerging risks.
Read more »
Subscribe to: Posts (Atom)