web browser | Breaking Cybersecurity News | The Hacker News

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We

Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to " Chromodo " -- a free browser offered by Comodo Antivirus. If your head nod is " Yes ," then you could be at risk! Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as 'Private Internet Browser' for better security and privacy, automatically overrides system settings to set itself as your 'Default Browser.' And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has 'Same Origin Policy' (SOP) disabled by default. Google's security researcher Tavis Ormandy , recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy. Orm

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Shocking! Adblock Extension that blocks annoying online advertising has been sold... ...And more shocking, the most popular " Adblock Extension ", with more than 40 million users, quietly sold their creation to an unknown buyer ... ' Michael Gundlach ', the creator widely used Adblock Extension refuses to disclose the name, who purchased his company and how much it was sold for, just because buyer wishes to remain anonymous. After watching a popup message (as shown) on their browsers this week, the Adblock users are literally going crazy. " I am selling my company, and the buyer is turning on Acceptable Ads, " Gundlach said. Holy Sh*t! NSA Buys Adblock? The ' Anonymous buyer ' conspiracy has caused concern for Adblock users and they have raised number of questions on social media sites, such as: Should I trust AdBlock Extension anymore? Who owns the Software I have installed? Is it NSA? Also, reportedly, Michael Gun

Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with it because it uses too much memory and power. Google has now solved these problems. The most recent release of Chrome ( Chrome 45 ) is intended to make your browsing experience faster and more efficient. Google launched Chrome 45 for Windows, Mac, Linux, and Android two days ago, but the company announced in an official blog post Friday that the new version includes several new updates that focus on making the browser load faster and use less memory. Also Read:  I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here's My Secret Chrome 45 Uses 10% Less RAM A major issue reported by Chrome users was the browser's consumption of PC mem

Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10 , probably by next fall, Microsoft could come up with its brand new browser that's more similar to Mozilla's Firefox and Google's Chrome, but less like Internet Explorer (IE), according to a recent report published by ZDNet. "Ok so Microsoft is about to launch a new browser that's not Internet Explorer and will be the default browser in Windows 10," tweeted Thomas Nigro, a Microsoft Student Partner lead and developer of the modern version of VLC. The browser, codenamed " Spartan ," is a " light-weight " browser with extension support, and multiple sources confirm that this new browser isn't IE12. Instead, Spartan is an entirely new browser that will use Microsoft's Chakra JavaScript engine and Trident rendering engine (as opposed to WebKit

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to "fallback" to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll

Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge

In an effort to create more open and accessible atmosphere between the Internet Explorer team and the Web development community, Microsoft today announced the launch of The Developer Channel for Internet Explorer . Internet Explorer Developer Channel is a fully-functioning browser designed to provide Web programmers and early adopters an advance and better understanding of the features the team is currently working on and let them offer feedback before it reaches the broader public. " Today we're excited to announce the release of the Internet Explorer Developer Channel, a fully functioning browser designed to give Web developers and early adopters a sneak peek at the Web platform features we're working on, " Microsoft said in a blog post . Thankfully, Internet Explorer Developer Channel runs independently of the user's copy of IE and allows Web programmers to test newest Web technology and browser features without disrupting their current browser set

The Mozilla Firefox web browser is used by roughly 30% of all Internet users and the company is seriously concerned about the Security of its users for many years. To Improve the Stability, Security and performance of Firefox web browser , Mozilla announced back in  2013 that it planned to enable ' Click to Play ' feature in upcoming Firefox versions, which will block most vulnerable plugins like Java by default. " Plugins are a significant source of poor performance, crashes and security vulnerabilities ", Mozilla said . The Feature ' Click to play ' blocks the execution of all plugins automatically, though this feature was annoying to the users, so to prevent all plugins from default blocking, Mozilla announced to maintain a whitelist of approved plugins. "By allowing users to decide which sites need to use plugins, Firefox will help protect them and keep their browser running smoothly." ~Benjamin Smedberg, Engineering Manager. Plugin authors ca

Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and cyber criminals are using every tantrum to steal your credentials by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and even bank website. Netcraft Security Researchers have discovered dozens of fake SSL Certificates being used to enact financial institutions, e-commerce site vendors, Internet Service Providers and social networking sites, which allegedly allows an attacker to carry out man-in-the-middle attacks. When you will visit a bogus website from any popular web browser; having self signed fake SSL Certificate, you will see a foreboding warning in the web browser, but the traffic originates from apps and other non-browser software fail

Just like other Web Browsers, The Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in the plain text format and is available for access by opening the following URL in your Chrome browser – " chrome : //settings/passwords ". Unlike Firefox , till now Google Chrome was not offering any Master Protection. Finally Google has implemented a Master Password protection on Chrome password manager in Windows and Mac. Now you have to enter your Windows account password to reveal the saved passwords. The protection will be lifted for a minute, after entering the password, and after that user need to re-login. Previously, Google was criticized many times for such bad password storage Practice because there is no master password, no security, not even a prompt that " these passwords are visible " and this allows anyone with access to a user's c

Address space layout randomization (ASLR) is a security technique involved in protection from buffer overflow attacks. Many recent APT (Advanced Persistent Threat) attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at  FireEye . Many exploits and malware attacks rely on the ability of the programmer to accurately identify where specific processes or system functions reside in memory. In order for an attacker to exploit or leverage a function, they must first be able to tell their code where to find the function or process to exploit.  The goal of ASLR  is to introduce randomness into addresses used by a given task. It involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries, in a process's address space.  Today a lot of attention is brought to client side exploits especially inside web browsers . Normally the e

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks. WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application. Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more. To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will