Potential Browser Spoofing Flaw

A newly identified address bar flaw affecting the Safari and Edge browsers allows web addresses to be spoofed. A JavaScript exploit can be used to update the address bar while a page is still loading. Microsoft has resolved the issue in the Edge browser with a patch in its security updates this week. Apple has not yet resolved it for the Safari browser. Make sure you update your software whenever new security patches come out in order to prevent exploits like this in the future.

New Bill Would Establish National Breach Notification Standard for Financial Breaches

Representative Blaine Luetkemeyer (R-Missouri) recently introduced a bill that aims to create a new national standard for data breach notifications from financial institutions. The bill would start by amending the Gramm-Leach-Bliley Act, which would then require financial institutions to issue notifications “in the event of unauthorized access that is reasonably likely to result in identity theft, fraud, or economic loss.” According to SANS News, there is not yet a companion bill in the Senate.

Trend Micro Apps Leak User Data

Multiple applications developed by Trend Micro, a security provider, are no longer available in the Mac App Store after researchers found them to be collecting browser history and definitive information about users’ computers. On Friday, Apple removed Adware Doctor from its store based on the exact same conclusion. The full list of apps is Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all developed by Trend Micro, Incorporated. It is recommended that anyone using these apps discontinue their usage unless they wish to openly share this […]

All Kinds of Nasty Ransomware is Popping Up

New types of ransomware are always popping up; however, some of the old variants are still going strong. Dharma, which targets businesses via open remote desktop services, is a nasty variant, so make sure that you have a firewall and VPN securing any devices that are accessible via remote desktop. Beyond that, it appears that ransomware is here to stay: Locdoor Ransomware; New Shiva Ransomware Variant; New Matrix Ransomware Variant; New CryptoJoker Variant; YARA Rule Created for Shrug2; New Fallout Exploit Kit Drops GandCab […]

Windows 7 Security Updates Can Now Be Extended Beyond 2020

Support for Windows 7 was presumed to end in January of 2020 for consumers; however, Microsoft has decided to start offering paid extensions for Windows 7 security updates. It has also decided to extend the support cycle for businesses that leverage Windows 10 to help them make the shift to the newer operating system. Based on Microsoft’s own estimates, Windows 7 users currently make up 40.27% of the total market share of all deployed operating systems, with Windows 10 making up 37.80% and Windows XP at 3.30%. […]

MEGA Extension Hacked in Chrome Webstore

The MEGA Google Chrome extension has been hacked to steal and hijack login credentials and various forms of cryptocurrency. Over 1.6 million individuals were infected with the malicious MEGA extension within a 24-hour period. The attack was first noticed by SerHack, a security researcher identified in relation to the Monero project, who tweeted a warning that the extension was hacked. When installed, the malicious extension will monitor browsing activities and search for login submissions to Microsoft, GitHub, Google, and even Amazon, and hijack credentials once submitted. The malicious extension would […]