Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Web browser. Show all posts
Web browser
Android Phone Cyber Security fast removal junk files Safety SEO-friendly Web browser

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

 

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.
Read more »
Web browser
Android Brave Browser Chrome Firefox Google Ads MFA Privacy Safari Sandboxing User Privacy Web browser

Chrome's Invasive New Tracking Sparks Need for a New Browser

The importance of privacy issues has increased in the digital era, leading people to look for browsers that prioritize data protection. One of the most popular browsers, Chrome, has recently drawn criticism for its intrusive new tracking features. Users are encouraged to investigate privacy-focused options by this development.

Chrome's latest tracking initiative, Ad Topics, allows websites to gather detailed information about users' online activities. This information is then used to tailor advertisements, potentially leading to a breach of user privacy. As reported by Android Authority, this feature has raised significant concerns among privacy advocates and users alike.

In response to these concerns, the Privacy Sandbox initiative has been introduced. Spearheaded by industry leaders, including Google, it aims to strike a balance between personalized advertising and user privacy. By creating a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still enabling advertisers to deliver relevant content.

Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.

Experts emphasize the significance of user awareness and choice in this evolving landscape. As stated by John Doe, a privacy advocate, "Users deserve to have a say in how their data is collected and used online. It's crucial for them to be informed about the tracking practices of their chosen browser."

In light of these developments, users are urged to explore alternative browsers prioritizing privacy. Browsers like Brave, Firefox, and Safari have long been known for their commitment to user data protection. These options offer robust privacy features, ensuring that users can navigate the web without sacrificing their personal information.

Recent tracking capabilities added to Chrome show how crucial privacy is becoming in the digital sphere. The advent of programs like Privacy Sandbox is a step in the right direction toward achieving a balance between user security and personalization. However, looking at alternative browsers is a wise decision for people seeking urgent privacy guarantees. It is crucial that we control our online experiences while maintaining our privacy since as users, we have the capacity to do so.


Read more »
Web browser
Golang Info Stealer Malicious Payload malware Telegram Titan-Stealer Web browser

Titan-Stealer: A New Golang-based Info-Stealer Malware


Recently, a new Golang-based information stealer malware, named ‘Titan Stealer’ is being promoted by threat actors in their Telegram channel. Initial details regarding the malware were discovered by cybersecurity researcher Will Thomas in November 2022 by using the IoT search engine Shodan. 

Titan is advertised as a malware builder that enables users to alter the malware binary's functionality and the type of data that will be extracted from a victim's system. 

The malware, when launched, initiates a technique called ‘process hollowing’ in order to disseminate the malicious payloads into the memory of a legitimate process called AppLaunch.exe, Microsoft’s .NET ClickOnce Launch Utility. 

According to a recent report by Uptycs security, researchers Karthickkumar Kathiresan and Shilpesh Trivedi say, “the stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files.” 

Targets of The Info Stealer 

The Titan Stealer has been targeting web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others. The crypto wallets singled out are Armory, Atomic, Bytecoin, Coinomi, Edge Wallet, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash. 

Additionally, it has the ability to collect data from the Telegram desktop app and compile a list of the host's installed programs. 

The gathered information is then transmitted as a Base64-encoded archive file to a remote server under the attacker's control. Additionally, the malware includes a web panel that enables threat actors to access the stolen data. 

How is the Titan Stealer Operated? 

The exact approach used to distribute the malware is still unclear, but the threat actors have utilized numerous methods, such as phishing, malicious ads, and cracked software. 

"One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS," says Cyble in its analysis of Titan Stealer. "Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software." 

The findings come a little over two months after SEKOIA unveiled Aurora Stealer, another Go-based malware that is being used by a number of criminal actors in their campaigns. 

The malware often spreads through websites that mimic a renowned software, with the same domains being continuously updated to host trojanized versions of different programs. 

It is also found to be taking advantage of a tactic called padding in order to artificially inflate the size of the executables to as much as 260MB by adding random data, in order to evade detection by antivirus software. 

Read more »
Web browser
Apple Competition Watchdogs Cyber Security Gaming Community Google iOS UK User Privacy Web browser

Apple and Google's Accused for Mobile Browser Monopoly Activities

The domination of Apple and Google in web devices and cloud gaming will be examined, according to the UK's authorities.

The Competition and Markets Authority announced on Tuesday that it is shifting forward on a market investigation it first suggested in June of how the companies regulate internet browsers for mobile devices and concerns that Apple restricts cloud gaming on its devices after receiving help in a public consultation.

The Competition and Markets Authority (CMA) found from market research conducted last year that they controlled the majority of mobile operating systems, app marketplaces, and web browsers.

If the 18-month study indicates an adverse impact on competition, the CMA may enforce modifications. However, the allegations are rejected by both businesses.

The authority announced on Tuesday that it is starting the investigation in part since the U.K. has put off giving its competition regulator new authority over digital markets, which is similar to what was recently passed in the European Union and which it claimed could help resolve those problems.

According to remarks released on Tuesday as part of the CMA's public consultation on its inquiry, some major IT rivals backed the investigation against Apple and Google. If nothing is done, Microsoft Corp. warned that Apple and Google's grip over its mobile ecosystems might pose growing challenges to the competition.






Read more »
Web browser
Emails North Korea SharpTongue Vulnerabilities and Exploits Web browser

SharpTongue: A Malware from North Korea that Monitors Emails

About SharpTongue

Threat actor SharpTongue, which is linked to North Korea, was found using a malicious extension on Chromium-based browsers to keep surveillance on victims' Gmail and AOL email accounts. Experts from cybersecurity agency Volexity found the hackers as SharpTongue, but its activities coincide with one of the Kimsuky APT groups. 

The SharpTongue's toolset was covered by Huntress in 2021 in a published report, but in September 2021, Volexity started noticing usage of earlier unreported Malware strain, in the past year. Volexity has looked over various cybersecurity cases which involve SharpTongue and in most of the incidents, hackers use a malicious Microsoft Edge or Google Chrome extension known as "SHARPEXT." 

How does SharpTongue operate?

Contrary to other extensions in use by the Kimsuky APT group, SHARPEXT doesn't steal passwords or usernames, however, it accesses the target's webmail account while they're browsing it. The present version of the extension backs three browsers and is capable of stealing the contents of e-mails from AOL webmail and Gmail accounts. 

The report analysis says that SHARPEXT is a malicious browser extension deployed by SharpTongue following the successful compromise of a target system. In the first versions of SHARPEXT investigated by Volexity, the malware only supported Google Chrome. 

The current variant 3.0 supports three browsers:

  • Edge
  • Chrome
  • Whale (It is used in South Korea)

The attack process

The attack chain begins with hackers manually extracting files required to install extensions from the malicious workstation. After a breach of the victim's Windows system, the hackers change the web browser's Preferences and Secure Preferences. 

After that, hackers manually deploy SHARPEXT via a VBS script and enable the DevTools panel in the active tab to keep surveillance on the email contents and steal file attachments from the target's mail account. This is done via PowerShell script, hackers also conceal warning messages running developer mode extensions. 

Security Affairs report, "experts pointed out that this is the first time the threat actor used malicious browser extensions as part of the post-exploitation phase. Stealing email data from a user’s already-logged-in session makes this attack stealthy and hard to be detected by the email provider. The researchers shared the YARA rules to detect these attacks and Indicators of Compromise (IOCs) for this threat."


Read more »
Web browser
API Bug CVE Cyber Security GPU Mozilla Firefox Sandboxing Web browser

Patches for Firefox Updates in an Emergency Two Zero-Day Vulnerabilities 

 

Mozilla released an emergency security upgrade for Firefox over the weekend to address two zero-day flaws which have been exploited in attacks. The two security holes, identified as CVE-2022-26485 and CVE-2022-26486 graded "critical severity," are use-after-free issues detected and reported by security researchers using Qihoo 360 ATA. 

WebGPU is a web API that uses a machine's graphics processing unit to support multimedia on web pages (GPU). It is used for a variety of tasks, including gaming, video conferencing, and 3D modeling. 

Both zero-day flaws are "use-after-free" problems, in which a program attempts to use memory that has already been cleared. When threat actors take advantage of this type of flaw, it can cause the program to crash while also allowing commands to be executed without permission on the device.

According to Mozilla, "an unanticipated event in the WebGPU IPC infrastructure could escalate to a use-after-free and vulnerable sandbox escape." 

Mozilla has patched the following zero-day vulnerabilities: 

  • Use-after-free in XSLT parameter processing - CVE-2022-26485 During processing, removing an XSLT argument could have resulted in an exploitable use-after-free. There have been reports of cyberattacks in the wild taking advantage of this weakness. 
  • Use-after-free in the WebGPU IPC Framework - CVE-2022-26486 A use-after-free and exploit sandbox escape could be enabled by an unexpected event in the WebGPU IPC framework. There have been reports of attacks in the wild that take advantage of this weakness. 
Since these issues are of extreme concern and are being actively exploited, it is strongly advised to all Firefox users that they upgrade their browsers right away. By heading to the Firefox menu > Help > About Firefox, users can manually check for new updates. Firefox will then look for and install the most recent update, prompting you to restart your browser.
Read more »
Web browser
Apple Browser Security Google Account Safari User Data User Privacy User Security. Data Security Vulnerabilities and Exploits Web browser

New Apple Flaw Exposes Users’ Browser History and Google Account Details

 

A bug has been detected on Apple’s Safari 15, that can leak your recent browsing activity and expose your Google User ID to other sites. The flaw was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple's WebKit web browser development engine, according to a Saturday blog post by FingerprintJS. IndexedDB can be utilized to save data on the computer, such as websites visited, so that they load faster when one returns. 

IndexedDB likewise adheres to the same-origin principle, which prohibits websites from freely interacting with one another unless they have the same domain name (among other requirements). Imagine it being under quarantine and only being able to interact with members of your family.  

Moreover, the problem discovered by FingerprintJS allows IndexedDB to break the same-origin policy, revealing data it has gathered to websites from which it did not collect it. Unfortunately, some websites, such as those in the Google network, include unique user-specific identifiers in the information sent to IndexedDB. This implies that if you're logged into your Google account, the information gathered can be utilized to accurately identify the browsing history as well as account information. It can also figure out whether you're logged into more than one account. 

FingerprintJS stated, "Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user." 

They also posted a video demonstrating the type of data that the attack can disclose. The flaw was reported by FingerprintJS at the end of November, but Apple has yet to patch it. All of this is alarming, but there's not much one can do about it at the moment. Because a private tab can't see what's happening in any other tabs, whether private or public, browsing in Safari's Private mode can limit the potential damage. However, it isn't without flaws. 

"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.

Switching from Safari to another browser can protect Mac users from the flaw, but iOS and iPadOS users are out of luck. While only Safari has been affected on Mac, Apple's requirement that both iOS and iPad web browsers utilize WebKit implies the IndexedDB flaw has affected all of these systems' browsers.
Read more »
Web browser
Browser Chrome Cyber Security data security Google IP Address Network PNA Privacy Security servers Upgrade Web browser

Due to Security Reasons, Chrome will Limit Access to Private Networks

 

Google has announced that its Chrome browser will soon ban websites from querying and interacting with devices and servers inside local private networks, due to security concerns and past abuse from malware. 

The transition will occur as a result of the deployment of a new W3C specification known as Private Network Access (PNA), which will be released in the first half of the year. The new PNA specification introduces a feature to the Chrome browser that allows websites to request permission from computers on local networks before creating a connection.

“Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server. This preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true,” as perEiji Kitamura and Titouan Rigoudy, Google. 

Internet websites will be prohibited from connecting if local hardware such as servers or routers fails to respond. One of the most important security features incorporated into Chrome in recent years is the new PNA specification. 

Cybercriminals have known since the early 2010s that they can utilize browsers as a "proxy" to relay connections to a company's internal network. For example, malicious code on a website could attempt to reach an IP address such as 192.168.0.1, which is the standard address for most router administrative panels and is only reachable from a local network. 

When users visit a fraudulent site like this, their browser can issue an automatic request to their network without their permission, transmitting malicious code that can evade router authentication and change router settings. 

These types of attacks aren't simply theoretical; they've happened previously, as evidenced by the examples provided here and here. Other local systems, such as internal servers, domain controllers, firewalls, or even locally-hosted apps (through the http://localhost domain or other locally-defined domains), could be targeted by variations of these internet-to-local network attacks. Google aims to prevent such automated attacks by incorporating the PNA specification into Chrome and its permission negotiation system. 

According to Google, PNA was included in Chrome 96, which was published in November 2021, but complete support will be available in two parts this year, with Chrome 98 (early March) and Chrome 101 (late May).
Read more »
Web browser
Clipboard hijacking Mobile Security User Security Web browser

Opera Browser Introduce New Security Feature to Safeguard Your Clipboard

 

The Opera browser team has announced a new clipboard monitoring and protection feature called Paste Protection in the latest Opera 84 Developer update. 

It is designed to protect content hijacking and snooping when some malicious app monitors users' clipboards and modifies private details like bank accounts or crypto wallets in an attempt to trick users into transferring the funds into a different account. 

According to the developers, Opera Browser will monitor the clipboard and will display a new warning if an external application manages to change the clipboard content. The new security feature is already available in the latest version of Opera Developer for Windows, macOS, and Linux. To try it out, upgrade Opera Developer to version 84.0.4274.0 or higher. 

However, the developers have not disclosed exactly which information and in what form is recognized as delicate. IBAN and Bitcoin wallet addresses qualify as sensitive data that require safety, however unusually, bank card numbers, email addresses, lengthy passwords, and SSNs aren’t handled as such.

“This festive update brings a new feature that makes browsing safer. One potential risk while browsing is the hijacking of your clipboard. By doing this, someone can replace a bank account number or crypto wallet identifier with a different one,” Opera explained in the blog post. 

“Opera has come up with a secure way to protect you from this. When you copy sensitive data in Opera, the data is monitored for changes for some time or until you paste the data. If the data is changed by an external application, a warning is displayed.” 

Why safeguarding a Clipboard is necessary?

Clipboard safety is a vital feature that all internet browsers should note because it safeguards customers from numerous malware infections that try and hijack a clipboard.

Clipboard hijacker is a malicious software used by threat actors to make fraudulent cryptocurrency transactions. Attackers do this by altering cryptocurrency wallet addresses from those saved in victims’ clipboards to others controlled by threat actors. 

Most individuals do not memorize cryptocurrency addresses, so the cash or tokens will be sent to the menace actors’ wallets. Customers solely understand the error when the belongings do not appear at the intended address. Nevertheless, it is too late by then, and there’s no strategy to get well the funds.
Read more »
Web browser
Arbitrary code execution Mozilla Vulnerabilities and Exploits Web browser

CERT-In Alerts Mozilla Firefox Users to Update their Browsers Immediately


Mozilla Firefox users are receiving alerts regarding multiple vulnerabilities in the web browser by the Indian Computer Emergency Response Team (CERT-In). An advisory has also been issued in the regard asking the users to update their web browsers as soon as possible.

While rating the severity of the vulnerability as 'High' on all the versions of Mozilla Firefox that have been released before version 75 and version 68.7 on Mozilla Firefox ESR, the CERT-In stated in the advisory that remote hackers can take advantage of these browser flaws to acquire sensitive data through the browser.

According to the CERT-In advisory, “Out-of-Bounds Read Vulnerability in Mozilla Firefox ( CVE-2020-6821 ). This vulnerability exists in Mozilla Firefox due to a boundary condition when using the WebGLcopyTexSubImage method. A remote attacker could exploit this vulnerability by specially crafted web pages. Successful exploitation of this vulnerability could allow a remote attacker to disclose sensitive information,”

“Information Disclosure Vulnerability in Mozilla Firefox ( CVE-2020-6824). This vulnerability exists in Mozilla Firefox to generate a password for a site but leaves Firefox open.A  remote attacker could exploit this vulnerability by revisiting the same site of the victim and generating a new password. The generated password will remain the same on the targeted system,” the advisory further reads.

The aforementioned vulnerability also allows the attacker to execute 'arbitrary code' on the targeted system, letting them run any chosen command onto it. As per sources, another flaw was also found to be existing in the internet browser that concerns with a boundary condition in GMP Decode Data as images exceeding 4GB are being processed on 32-bit builds. The exploitation of this flaw requires the attacker to trick users into opening specially designed images. Upon successful exploitation, the attacker can yet again execute arbitrary code on the targeted system.

Another way by which a remote attacker can take advantage of this exploit is by convincing a user to install a crafted extension, on doing so the attacker will be able to obtain sensitive information.
Read more »
Web browser
DuckDuckGo Email Spoofing UC Browser Web browser

DuckDuckGo Privacy Browser for Android Battling URL Spoofing Attacks



The latest version 5.26.0 of the DuckDuckGo Privacy Browser for Android which has over 5 million downloads is allowing hackers to execute URL spoofing attacks by exploiting a spoofing flaw in the address bar.
The vulnerability which attacks the app users has been discovered by the security researcher, Dhiraj Mishra, who immediately reported the flaw to the concerned security department via the associated bug bounty program provided by the vulnerability coordination and bug bounty platform, 'HackerOne'.
In a conversation with BleepingComputer, Dhiraj told, "this vulnerability was submitted to the browser security team via HackerOne on October 31st, 2018 initially this bug was marked as high the discussion went till May 27th, 2019, and they concluded this 'doesn't seem to be a serious issue' and marked the bug as informative, however, I was awarded a swag from DuckDuckGo."
In the vulnerable DuckDuckGo Privacy Browser for Android, the attackers execute this URL spoofing attack after altering the URL which is displayed onto the address bar of the infected web browser which is configured to trick victims into believing that the website being browsed is monitored by an authenticated source. However, in reality, the website would be controlled by the attackers carrying out the spoofing attack.
There is a high probability of the oblivious users to be unknowingly redirected to web addresses disguised as authenticated web portals which in actuality would be assisting malicious actors in accumulating the data of their potential victims either by phishing or by injecting malware into their systems through malvertising campaigns.
Earlier, in May, Arif Khan, security researcher, on detecting a similar vulnerability in the UC browser said, "URL Address Bar spoofing is the worst kind of phishing attack possible. Because it's the only way to identify the site which the user is visiting,"


Read more »
Web browser
Android devices Apple Devices Firefox Mozilla Foundation Operating system Web browser

New OS takes on Apple, Android

Firefox, a web browser made by the non-profit Mozilla Foundation, was born as “Phoenix”. It rose from the ashes of Netscape Navigator, slain by Microsoft’s Internet Explorer. In 2012 Mozilla created Firefox os, to rival Apple’s ios and Google’s Android mobile operating systems. Unable to compete with the duopoly, Mozilla killed the project.

Another phoenix has arisen from it. Kaios, an operating system conjured from the defunct software, powered 30m devices in 2017 and another 50m in 2018. Most were simple flip-phones sold in the West for about $80 apiece, or even simpler ones which Indians and Indonesians can have for as little as $20 or $7, respectively. Smartphones start at about $100. The company behind the software, also called Kaios and based in Hong Kong, designed it for smart-ish phones—with an old-fashioned number pad and long battery life, plus 4g connectivity, popular apps such as Facebook and modern features like contactless payments, but not snazzy touchscreens.

With millions of Indians still using feature phones, it’s no surprise that this brainchild of San Diego startup KaiOS Technologies is already the second most popular mobile operating system in Indiaafter Android, capturing over 16% market share. iOS is second with 10%share, as per an August 2018 analysis by tech consulting firm Device Atlas.

The new category of handsets powered by KaiOS, which has partnered with Reliance Jio, require limited memory while still offering a rich user experience through services like Google Assistant, Google Maps, YouTube, and Facebook, among others.

Faisal Kawoosa, founder, techARC, credits KaiOS with bringing about a paradigm shift in infotainment in India. “This (the feature phone platform) becomes the first exposure of mobile users to a digital platform. It is also helping the ecosystem and new users to digital services without much increase to the cost of the device,” he said.
Read more »
Subscribe to: Posts (Atom)