Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

By Newsroom — December 15^th 2023 at 07:23

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

The Hacker News

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

By Newsroom — December 1^st 2023 at 12:40

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app

The Hacker News

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

By Newsroom — November 29^th 2023 at 04:27

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have

The Hacker News

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

By Newsroom — November 20^th 2023 at 10:49

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical

The Hacker News

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

By THN — September 11^th 2023 at 11:00

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable

The Hacker News

New BLISTER Malware Update Fuelling Stealthy Network Infiltration

By THN — September 5^th 2023 at 14:04

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic Security Labs researchers Salim Bitam and Daniel

The Hacker News

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

By THN — July 20^th 2023 at 06:12

Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. "This

The Hacker News

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

By Ravie Lakshmanan — May 19^th 2023 at 12:28

Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting

The Hacker News

Why Your Detection-First Security Approach Isn't Working

By The Hacker News — April 28^th 2023 at 11:53

Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly

The Hacker News

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

By Ravie Lakshmanan — April 19^th 2023 at 04:53

A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful exploitation of

Naked Security

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

By Paul Ducklin — April 9^th 2023 at 00:28

The security error was in the error handling system that was supposed to catch potential security errors...

vm2-1200

The Hacker News

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

By Ravie Lakshmanan — April 8^th 2023 at 05:04

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on

The Hacker News

Google Rolling Out Privacy Sandbox Beta on Android 13 Devices

By Ravie Lakshmanan — February 15^th 2023 at 07:55

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta

The Hacker News

Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023

By Ravie Lakshmanan — November 16^th 2022 at 05:24

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said. To that end, developers will need to complete an enrollment process in order

The Hacker News

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

By The Hacker News — October 20^th 2022 at 11:20

When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don't actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous. When it comes to software developers, their version of sandbox is similar to

The Hacker News

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

By Ravie Lakshmanan — October 11^th 2022 at 11:28

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022.  The

The Hacker News

Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024

By Ravie Lakshmanan — July 28^th 2022 at 13:55

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said.

The Hacker News

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices

By Ravie Lakshmanan — July 14^th 2022 at 10:54

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional

Naked Security

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

By Paul Ducklin — May 15^th 2022 at 21:53

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

Naked Security

Firefox update brings a whole new sort of security sandbox

By Paul Ducklin — December 7^th 2021 at 19:14

Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.