-
Windows MSHTML zero-day used in malware attacks for over a year
Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.
- July 10, 2024
- 12:04 PM
5
-
LastPass is now encrypting URLs in password vaults for better security
LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access.
- May 22, 2024
- 01:04 PM
3
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.
- April 22, 2024
- 11:05 AM
- 0
-
Evasive phishing mixes reverse tunnels and URL shortening services
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.
- June 05, 2022
- 11:06 AM
- 0
-
State-backed hackers increasingly use RTF injection for phishing
Three APT hacking groups from India, Russia, and China, were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns.
- December 01, 2021
- 05:00 AM
- 0
-
A Google Drive security update will break some of your shared links
An upcoming security update for Google Drive will increase the security of your shared documents but likely break many of your shared links.
- June 24, 2021
- 09:17 AM
- 0
-
Cross-browser tracking vulnerability tracks you via installed apps
Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.
- May 14, 2021
- 03:30 AM
- 0
-
Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
- November 09, 2020
- 02:37 PM
- 0
-
Microsoft shares list of URLs required by Microsoft Defender ATP
Microsoft has released a spreadsheet containing the full list of URLs that Microsoft Defender ATP must reach to function correctly.
- October 28, 2020
- 01:59 PM
- 1
-
Spammers add random text to shortened links to evade detection
Spammers are using a new technique of adding random, unused text bits to shortened links to evade detection by humans and spam filters.
- October 01, 2020
- 09:01 AM
- 0
-
Numerous sites leak user emails to advertising, analytics services
Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, shows a recent research published today.
- April 29, 2020
- 01:37 PM
- 0
-
UC Browser for Android Vulnerable to URL Spoofing Attacks
The latest versions of UC Browser and UC Browser Mini Android apps with a total of over 600 million installs expose their users to URL spoofing attacks as explained by security researcher Arif Khan who found the flaw and reported it to the apps' security team.
- May 08, 2019
- 05:24 AM
- 0
-
Xiaomi Browsers Still Vulnerable After Failed Patches
Xiaomi has trouble permanently patching its browsers against a vulnerability that enables spoofing URLs in a way that is difficult to detect by users.
- April 09, 2019
- 03:06 AM
- 0
-
Weird Phishing Campaign Uses Links With Almost 1,000 Characters
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious.
- February 12, 2019
- 05:29 PM
- 0
-
Google's Removing the file:// Scheme from Chrome's Address Bar
According to a Chrome Gerrit entry, Google plans to do away with the file:// URI scheme in the address when opening local files. This is because Chrome 70 will include a new File notification that performs a similar purpose.
- September 18, 2018
- 04:52 PM
- 1
