browser security | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement Lecigne said in a report shared with The Hacker News. The activity, observed between November 2023 and July 2024, is notable for delivering the exploits by means of a watering hole attack on Mongolian government websites, cabinet.gov[.]mn and mfa.gov[.]mn. A watering hole attack, also called a strategic website compromise attack, is a form of cyber attack that targets groups of users or those within a particular industry by compromising websites that they commonly visit in order to serve them with malware and gain access to their systems. The intrusion set has been attributed wi

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we're going to look at what AitM phishing is, how it works, and what organizations need to be able to detect and block these attacks effectively. What is AitM phishing? AitM phishing is a technique that uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application.  As it's a proxy to the real application, the page will appear exactly as the user expects, because they are logging into the legitimate site – just taking a detour via the attacker's device. For example, if accessing their webmail, the user will see all their real emails; if accessing their cloud file store then all their r

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971 , the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD). The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024. No additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be weaponizing it have been released, primarily to ensure that a majority of the users are updated with a fix. The tech giant, however, acknowledged in a terse sta

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.  "Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat," Elastic Security Labs said in a Thursday report. The web browsers and crypto wallets targeted by the malware comprise Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger. It's also equipped to harvest system information and data from iCloud Keychain passwords and Notes, as well as incorporate a slew of anti-analysis and anti-debugging measures to determine if it's running in a virtual environment in a

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands," the ReasonLabs research team said in an analysis. "This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos." The malware and the extensions have a combined reach of at least 300,000 users of Google Chrome and Microsoft Edge, indicating that the activity has a broad impact. At the heart of the campaign is the use of malvertising to push lookalike websites promoting known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass to trick users s

Cybersecurity researchers have discovered a new " 0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said . The Israeli application security company said the implications of the vulnerability are far-reaching, and that it stems from the inconsistent implementation of security mechanisms and a lack of standardization across different browsers. As a result, a seemingly harmless IP address such as 0.0.0.0 could be weaponized to exploit local services, resulting in unauthorized access and remote code execution by attackers outside the network. The loophole is said to have been around since 2006. 0.0.0.0 Day impacts Google Chrome/Chromium, Mozilla Firefox, and Apple Safar

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that's been active since at least 2012, leveraging backdoors such as MgBot (aka POCOSTICK) and Nightdoor (aka NetMM and Suzafk) to harvest sensitive information. More recently, the threat actor was formally attributed to the use of a macOS malware strain called MACMA, which has been observed in the wild as far back as 2021. "StormBamboo is a highly skilled and aggressive threat actor who compromises third-parties (in this case, an ISP) to breach intended targets," Volexity said in a report published last week. "The variety of malware employed in various campaigns by this threat actor indicates significant ef

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API ( DPAPI ) which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said . "However, the DPAPI does not protect against malicious applications able to execute code as the logged in user – which info-stealers take advantage of." App-bound encryption is an improvement over DPAPI in that it interweaves an app's identity (i.e., Chrome in this case) into encrypted data to prevent another app on the system from accessing it when decryption is attempted. "Because the app-bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app," Harris said. "Now, th

The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both security and frictionless deployment.  In an upcoming live webinar ( Register here ), Or Eshed, CEO of browser security company LayerX, and Christopher Smedberg, Director of Cybersecurity at Advance Publishing, will discuss the challenges facing modern enterprise in the new hybrid-work world, the gaps found in existing security solutions, and a new approach to securing the modern enterprise workspace, which is centered on the browser. The Browser is Where Work Takes Place The browser is the key to the organization's critical assets. It connects all organizational devices, identities, and SaaS and

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said . To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice. Google is also adding what's called automatic deep scans for users who have opted-in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which discovered the malware towards the end of 2023. The installer "deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic," ESET researcher Romain Dumont said in a technical analysis published today. "The malware can modify or replace the contents of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions." Besides leveraging its browser traffic interception and filtering capabilities to display game-relat

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it turns out, browser security is also a cost-effective security solution, compared to other solutions that require much more budgets and heavy lifting. In a new report, "CISO Testimonials: 6 Real Life Stories of Cutting Costs with a Browser Security Platform" , six CISOs testify how browser security allowed them to reduce security team workloads and enhance efficiency and security, with a cost-effective browser security solution. CISO Testimonials Throughout the report, the CISOs reveal the tasks they had on their plate and how they solved them in an efficient manner. These are categorized to

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER . "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022," Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a report published last week. "Over the last three years, the threat actors have been infecting vulnerable websites with malicious JavaScript scripts capable of intercepting any data entered on an infected website." Boolka gets its name from the JavaScript code inserted into the website that beacons out to a command-and-control server named "boolka[.]tk" every time an unsuspecting visitor lands on the infected site. The JavaScript is also designed to collect and exfiltrate user inputs and interactions in a Base64-encoded format, indicating the use of the malware

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," cybersecurity firm eSentire said in an analysis, adding it identified the activity earlier this month. "These functionalities allow it to automatically click through advertisements or redirect the browser to specific URLs, generating revenue for the adware operators." The initial infection chain involves surfacing the bogus website ("oculus-app[.]com") on Google search results pages using search engine optimization (SEO) poisoning techniques, prompting unsuspecting site visitors to download a ZIP archive ("oculus-app.EXE.zip") containing a Windows batch script. The batch script is designed to fetch a second batch script from a command-and-control (C2) se

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle modern web-borne threats like phishing and malicious extensions, necessitate a shift towards more advanced solutions. These are the findings of a new report, titled " The Next Generation of RBI (Remote Browser Isolation) " ( Download here ). The Roots of Browser Isolation In the past, traditional signature-based antiviruses were commonly used to protect against on-device malware infections. However, they failed to block two main types of threats. The first, browser exploit, especially in Microsoft's Internet Explorer. The second, drive-by malware downloads, i.e using social e