Category: Security

AVG Chrome Extension Makes Users Vulnerable

By | December 30, 2015 | 0 Comments

AVG Chrome Extension Makes Users VulnerableYou would think that installing extension that is bundled with your anti-virus software will make you more secure but as it turns out, at least in this case, it’s the opposite.

What are we talking about? The extension called WebTuneUp, which flags search results that might appear suspicious, although Google already does the very same thing, it looks like AVG did a pretty decent job at convincing that you need more protection.

And just as with every software, a new exploit has been found, as explained by Tavis Ormandy, “This extension adds numerous JavaScript API’s to Chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API. Anyway, many of the API’s are broken.”
Continue Reading

SHA-1 Certificates Will Soon Be Deemed Invalid by Google Chrome

By | December 22, 2015 | 0 Comments

SHA-1 Certificates Will Soon Be Deemed Invalid by Google ChromeAt least the new ones.

As a part of Google’s program to get rid of the unsafe certificates and clean up the web, the search giant has announced that starting from early 2016, Google Chrome 48 will display a certificate error if the site:

– Uses the SHA-1 based certificate,
– The certificate is issued after January 1, 2016
– And it chains to a public CA
Continue Reading

Latest Chrome Exploit Puts Millions of Users at Risk

By | November 16, 2015 | 4 Comments

Latest Chrome Exploit Puts Millions of Users at RiskRecently, at the Tokyo PacSec conference, Chinese researched has discovered and successfully exploited Google’s Project Fi Nexus 6 device running the latest version of Android (6.0 Marshmallow). As a result, he was able to install fake app into the phone that could theoretically be used to take the device control away from the user. In a demo example, he installed a simple BMX bike game, just to show what’s possible.

As noted by the PacSec member, Dragos Ruiu, it was a “one-shot exploit” which “did everything in one go instead of chaining multiple vulnerabilities”.
Continue Reading

Recent Flash Vulnerability Leaves Everyone at Risk

By | October 16, 2015 | 0 Comments

Recent Flash Vulnerability Leaves Everyone at RiskAnother day, another headache.

Now here is something to cheer you up before the weekend. As it turns out, a critical security vulnerability (CVE-2015-7645), affecting all Flash versions on all operating systems (Windows, Linux and OS X), has been recently discovered and is already exploited by various web sites.

The only way to protect yourself? Uninstall Adobe Flash, as the company is said to be releasing patch only sometime next week.

The sense of adventure never ends with Adobe.
Continue Reading

Download Firefox 42 Beta

By | September 28, 2015 | 0 Comments

Download Firefox 42 BetaIt’s time to enhance your privacy.

Recently, Mozilla has published the beta version of Firefox 42 web browser, which includes some very welcome changes and new features.

One of which will inform about the annoying tab that is playing music and allow you to mute it.

However, as far as the privacy enhancements go (the main point of Firefox 42), it now protects users from the third party tracking when using Private Browsing mode. In addition to that, there is a Control Center for Private Browsing, where you can control site settings and security in one place.
Continue Reading

FYI: AVG Sells Your Browsing History To The Third Parties

By | September 17, 2015 | 1 Comment

FYI: AVG Sells Your Browsing History To The Third PartiesYou are the product.

If you are on Windows 8 or 10 and for some reason decided not to use Security Essentials / Windows Defender and have switched to AVG anti-virus instead, then good news for advertisers: they now have your browsing and search history as well meta data, your ISP and apps that are installed on your computer.

As stated in AVG’s privacy policy:
Continue Reading

Mozilla’s Bugzilla Compromised, Sensitive Data Stolen

By | September 9, 2015 | 0 Comments

Mozilla’s Bugzilla Compromised, Sensitive Data StolenDoes not appear to be as bad as one might think.

Bugzilla, a bug tracker that is used by Mozilla, Webkit, FreeBSD, the Linux kernel, Apache and many other vendors, has been recently compromised.

As detailed in the blog post, the attacker broke into one of the accounts and gained access to the security sensitive data. Mozilla also believes that the newly acquired information then was used to attack Firefox users. On a positive note, it looks like the vulnerability that he or she reportedly exploited has already been patched at the end of August.
Continue Reading

IE Mobile: Microsoft Fails To Fix A 6 Month Old Vulnerability

By | July 25, 2015 | 0 Comments

IE Mobile: Microsoft Fails To Fix A 6 Month Old VulnerabilityDetails are now published online.

Now here is something that does not exactly help the “buggy and old” IE public perception. Back in November and earlier this year in January, Microsoft was notified about the 4 security vulnerabilities that affect both Internet Explorer for desktop as well as smartphones and never bothered to fix them.

In fact, the software giant has now stated that they failed to do so because “there were no attacks reported”, hence they did not bother to do so, not to mention that Internet Explorer will also be replaced with Microsoft Edge later this year.
Continue Reading

Mozilla Kills Adobe Flash On Firefox, Disables It By Default

By | July 14, 2015 | 0 Comments

Mozilla Kills Adobe Flash On Firefox, Disables It By DefaultNow here is an interesting piece of news for all the tech (aka Flash hating) enthusiasts out there.

Unless you have been disconnected from the Internet for the last week or so, then the Hacking Team / Adobe Flash exploit leaks should be pretty known to you. Now, according to various reports, people are starting to see Flash disabled by default with the following pop-up displayed at the top of the page:

Firefox has prevent the unsafe plugin “Adobe Flash” from running on www.domain.com.
Continue Reading

Recent Leak Reveals New Adobe Flash Exploit

By | July 9, 2015 | 0 Comments

Recent Leak Reveals New Adobe Flash ExploitAnd everyone was vulnerable.

It seems like Flash has more security holes than the Swiss cheese and thanks to a recent leak, every single one of computers running it were vulnerable to a new attack.

The news come after the breach of the “Hacking Team”, an Italian spyware manufacturer, which have had clients (mostly governments) from all over the world. As it turns out, in more than 400 gigabytes of published data, there was a yet unknown Flash vulnerability, which too got revealed and allowed anyone (with some tech knowledge) to exploit computers running Adobe Flash 18.0.0.194 or earlier.
Continue Reading