
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)

By Paul Ducklin
There isn't a rhyme to remind you which months have browser zero-days... you just have to keep your eyes and ears open!

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

By Ravie Lakshmanan
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be 

Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws

By Ravie Lakshmanan
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung,

“This Connection Is Not Private” – What it Means and How to Protect Your Privacy

By McAfee

Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secureerror code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.   

What does “this connection is not private” mean?

A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.  

So, what exactly is going on when you see the “this connection is not private” error?  

For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not privateerror means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate. 

Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.  

In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.  

While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.   

SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL. 

So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware 

Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.   

How to fix the “connection is not private” error

If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.  

  • Refresh the page. In some cases, the error is just a momentary glitch. Try reloading the page to rule out a temporary error.  
  • Close browser and reopen. Closing and reopening your web browser might also help clear a temporary glitch.  
  • If you’re on public WiFi, think twice. Hackers often exploit public WiFi because their routers are usually not as secure or well-maintained for security. Some public WiFi networks may not have an SSL connection, or they may limit your access to websites. You can safely browse more securely in public spaces if you have an antivirus software or virtual private network (VPN) solution. 
  • Use “Incognito” mode. The most used browsers (Google Chrome browser, Mac‘s Safari, Mozilla Firefox, and Microsoft Edge) offer an “Incognito mode” that lets you browse without data collecting in your history or cache. Open the site in a new incognito window and see if the error still appears.  
  • Clear the cache on your browser. While cookies make browsing the web more convenient and personalized, they also can hold on to sensitive information. Hackers will take advantage of cached data to try and get passwords, purchase information, and anything else they can exploit. Clear browsing data before going to a site with the “connection is not secure” error to help limit available data for hackers 
  • Check the computer’s date and time. If you frequently see the “connection is not private” error, you should check and ensure your computer has the accurate time and date. Your computer’s clock can sometimes have time and date stamp issues and get glitchy in multiple ways. If it’s incorrect, adjust the date and set the time to the correct settings.  
  • Check your antivirus software. If your antivirus software is sensitive, you may have to disable it momentarily to bypass the error. Antivirus software protects you, so you should be careful to remember to turn the software back on again after you’ve bypassed the error.  
  • Be sure your browsers and operating systems are up to date. You should always keep your critical software and the operating system fully updated. An outdated browser can start getting buggy and can increase the occurrence of this kind of error.  
  • Research the website. Do a quick search for the company of the website you wish to visit and make sure they are a legitimate business. You can search for reviews, Better Business Bureau ratings, or check for forums to see if others are having the same issue. Be sure you are spelling the website address correctly and that you have the correct URL for the site. Hackers can take advantage of misspellings or alternative URLs to try and snare users looking for trusted brands. 
  • If it’s not you, it’s them. If you’ve tried all the troubleshooting techniques above and you still see the error, the problem is likely coming from the site itself. If you’re willing to take your chances (after clearing your browser’s cache), you can click the option to “proceed to the domain,” though it is not recommended. You may have to choose “advanced settings” and click again to visit the site.   

Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.  

How to protect your privacy when browsing online

Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.  

  • Antivirus solutions are, hands down, your best line of protection against hacking. Solutions like McAfee+ Ultimate offer all the tools you need to secure your data and devices.  
  • Use strong passwords and two-factor authentication when available. 
  • Delete unused browser extensions (or phone apps) to reduce access. 
  • Always keep your operating system and browsers up-to-date. You can open system preferences and choose to update your system automatically. 
  • Use a secure VPN solution to shield your data when browsing. 
  • Use your favorite browser’s incognito mode to reduce the data connected to your devices. 
  • Remove any 3rd party apps from your social media accounts — especially if you’ve recently taken a Facebook quiz or similar (also, don’t take Facebook quizzes). 
  • Engage the highest privacy settings in each of your browsers. 
  • Always check the address bar for HTTPS before sharing credit cards or other sensitive data on a website. 
  • Share less personal and private information on social media.  

Discover how McAfee keeps you and your data safe from threats

As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.  

A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.  

With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection. 

The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.

How to Tell Whether a Website Is Safe or Unsafe

By McAfee

It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.  

Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.  

Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links. 

So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online. 

Key signs of website safety and security

When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website. 

”Https:” in the website URL

“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website. 

When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted. 

A lock icon near your browser’s URL field

The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser. 

Let’s explore the cybersecurity tools on the three major web browsers: 

  • Safari. In the Safari browser on a Mac, you can simply look for the lock icon next to the website’s URL in the address bar. The lock icon will be either locked or unlocked, depending on whether the site uses SSL encryption. If it’s an unsafe website, Safari generates a red-text warning in the address bar saying “Not Secure” or “Website Not Secure” when trying to enter information in fields meant for personal data or credit card numbers. Safari may also generate an on-page security warning stating, “Your connection is not private” or “Your connection is not secure.” 
  • Google Chrome. In Google Chrome, you’ll see a gray lock icon (it was green in previous Chrome versions) on the left of the URL when you’re on a site with a verified SSL certificate. Chrome has additional indicator icons, such as a lowercase “i” with a circle around it. Click this icon to read pertinent information on the site’s cybersecurity. Google Safe Browsing uses security tools to alert you when visiting an unsafe website. A red caution symbol may appear to the left of the URL saying “Not secure.” You may also see an on-page security message saying the site is unsafe due to phishing or malware. 
  • Firefox. Like Chrome, Mozilla’s Firefox browser will tag all sites without encryption with a distinctive marker. A padlock with a warning triangle indicates that the website is only partially encrypted and may not prevent cybercriminals from eavesdropping. A padlock with a red strike over it indicates an unsafe website. If you click on a field on the website, it’ll prompt you with a text warning stating, “This connection is not secure.” 

In-depth ways to check a website’s safety and security

Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety. 

Use McAfee WebAdvisor

McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web. 

Website trust seals

When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website. 

There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure. 

While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information. 

Check for a privacy policy

Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals. 

If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data. 

Check third-party reviews

It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.  

Trustpilot is one example of a website that provides reviews of other websites. 

Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site. 

Look over the website design

You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe. 

Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website. 

Download McAfee WebAdvisor for free and stay safe while browsing

If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use. 

Download McAfee WebAdvisor now and stay safe while browsing the web. 

The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

By Ravie Lakshmanan
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet

By Ravie Lakshmanan
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

By Ravie Lakshmanan
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

By Ravie Lakshmanan
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with

Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023

By Ravie Lakshmanan
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said. To that end, developers will need to complete an enrollment process in order

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location

By Ravie Lakshmanan
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

By Ravie Lakshmanan
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." The search engine poisoning technique

Dangerous SIM-swap lockscreen bypass – update Android now!

By Paul Ducklin
A bit like leaving the front door keys under the doormat...

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

By Ravie Lakshmanan
Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

By Ravie Lakshmanan
Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass

Chrome issues urgent zero-day fix – update now!

By Paul Ducklin
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets

By Ravie Lakshmanan
Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

By Ravie Lakshmanan
Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of

Google Launches GUAC Open Source Project to Secure Software Supply Chain

By Ravie Lakshmanan
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai

These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

By Ravie Lakshmanan
As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them,

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

By Ravie Lakshmanan
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first announced in

New Malware Families Found Targeting VMware ESXi Hypervisors

By Ravie Lakshmanan
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

By Ravie Lakshmanan
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively. Prior to their removal from the app

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

By Ravie Lakshmanan
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn

Google to Make Account Login Mandatory for New Fitbit Users in 2023

By Ravie Lakshmanan
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. <!--adsense--> The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

By Ravie Lakshmanan
A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles

Chrome and Edge fix zero-day security hole – update now!

By Paul Ducklin
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

By Ravie Lakshmanan
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

By Ravie Lakshmanan
A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

By Ravie Lakshmanan
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole 

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

By Ravie Lakshmanan
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

By Ravie Lakshmanan
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

Google Patches Chrome’s Fifth Zero-Day of the Year

By Elizabeth Montalbano
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

By Elizabeth Montalbano
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

By Ravie Lakshmanan
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals