#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

WebRTC Protocol | Breaking Cybersecurity News | The Hacker News

Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

May 30, 2017
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn't it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google's Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on. AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way. How Browsers Works With Camera & Microphone Before jumping onto vulnerability details, you first need to know that web browser based audio-video communication relies on WebRTC (Web Real-Time Communications) protocol – a collection of communications protocols th
Firefox 41 integrates Free Built-in Instant Messaging and Video Chat to Your Browser

Firefox 41 integrates Free Built-in Instant Messaging and Video Chat to Your Browser

Sep 24, 2015
Mozilla launches Voice and Video Connect with the release of Official Firefox 41.0 Release . After significant improvements done in the Firefox Nightly experimental build of version Firefox 41.0, the stable release has a lot to offer. How would it be experiencing a seamless communication – video and voice calls and text messaging being directly built in your browser? Here's How: Mozilla has launched the stable release of Firefox 41.0 , equipped with project " Firefox Hello " offering free VOIP and instant messaging services through WebRTC ( Real Time Communication ) channel. Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user's experience by providing them with free voice and video calling features, irrespective of additional software or hardware support. By adopting Firefox Hello : Both the parties don't need to have same browsers, software or hardware. No sign-up other than
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
WebRTC Vulnerability leaks Real IP Addresses of VPN Users

WebRTC Vulnerability leaks Real IP Addresses of VPN Users

Feb 03, 2015
An extremely critical vulnerability has recently been discovered in WebRTC (Web Real-Time Communication) , an open-source standard that enables the browsers to make voice or video calls without needing any plug-ins. AFFECTED PRODUCTS Late last month, security researchers revealed a massive security flaw that enables website owner to easily see the real IP addresses of users through WebRTC , even if they are using a VPN or even PureVPN to mask their real IP addresses. The security glitch affects WebRTC-supporting browsers such as Google Chrome and Mozilla Firefox, and appears to be limited to Windows operating system only, although users of Linux and Mac OS X are not affected by this vulnerability. HOW DOES THE WebRTC FLAW WORKS WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers which return the "hidden" home IP-address as well as local network addresses for the system that is being used by the user. The results of t
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Jun 01, 2014
Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown by the Fire
Cybersecurity Resources