#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

chrome security | Breaking Cybersecurity News | The Hacker News

Category — chrome security
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Aug 27, 2024 Vulnerability / Browser Security
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965 , the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD). A security researcher who goes by the online pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, earning them a bug bounty of $11,000. Additional specifics about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be utilizing it have not been released. The tech giant, however, acknowledged that it's aware of the
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

Aug 23, 2024 Ransomware / Data Breach
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation actions 18 days after initial access took place. "Once the attacker reached the domain controller in question, they edited the default domain policy to introduce a logon-based Group Policy Object (GPO) containing two items," researchers Lee Kirkpatrick, Paul Jacobs, Harshal Gosalia, and Robert Weiland said . The first of them is a PowerShell script named "IPScanner.ps1" that's desi
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

Jan 20, 2022
A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot,  Redline Stealer , and  WeSteal . "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researchers said in a technical report on Wednesday. The campaign, distributed globally across Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S., is suspected to be delivered to compromised systems via cracked software installers. The modus operandi of using cracks as an infection source for initial access mirrors similar cybercrime campaigns that have leveraged tools such as  KMSPico  as a conduit for deploying malware. "Most infected users also
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Google Announces 5 Major Security Updates for Chrome Extensions

Google Announces 5 Major Security Updates for Chrome Extensions

Oct 02, 2018
Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that Google is aware of the issues and has proactively been working to change the way its Chrome web browser handles extensions. Earlier this year, Google banned extensions using cryptocurrency mining scripts and then in June, the company also disabled inline installation of Chrome extensions completely. The company has also been using machine learning technologies to detect and block malicious extensions. To take a step further, Google announced Monday five major changes that give users more control over certain permissions, enforces security measures, as well as makes the ecosystem more t
Google Chrome to Label Sensitive HTTP Pages as "Not Secure"

Google Chrome to Label Sensitive HTTP Pages as "Not Secure"

Sep 09, 2016
Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security. Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as " Not Secure " — the first step in Google's plan to discourage the use of sites that don't use encryption. The change will take effect with the release of Chrome 56 in January 2017 and affect certain unsecured web pages that feature entry fields for sensitive data, like passwords and payment card numbers, according to a post today on the Google Security Blog . Unencrypted HTTP has been considered dangerous particularly for login pages and payment forms, as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card data as they travel across the network. In the following release, Chrome will flag
Expert Insights / Articles Videos
Cybersecurity Resources