dcsimg

A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was exposed, how China’s RedEcho was accused of targeting India’s power grids, whether Google’s Privacy … [Read more...]

Will Google’s Privacy Sandbox take the bite out of tracking cookies?

Third-party cookies have been the lynchpin of online advertising for many years. Plans to phase cookies out forever continue to run at a steady pace, with Google in the driving seat. In 2019, it announced its vision for a “Privacy Sandbox”. The building blocks for this were essentially: Most aspects of the web need money to survive, and advertising that relies on cookies is the dominant revenue … [Read more...]

Update now! Chrome fix patches in-the-wild zero-day

The Microsoft Browser Vulnerability Research team has found and reported a vulnerability in the audio component of Google Chrome. Google has fixed this high-severity vulnerability (CVE-2021-21166) in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the vulnerability. It is not the first time that Chrome’s audio component was targeted by an exploit. No … [Read more...]

Update now! Chrome patches zero-day that was exploited in the wild

A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be extremely important. Which zero-day got patched? Publicly disclosed computer security flaws are … [Read more...]

Browser sync—what are the risks of turning it on?

Modern browsers include synchronization features (like Google Chrome’s Sync) so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is certainly convenient, particularly when you’re migrating to a new device, synchronizing browsers also comes with some risks. What is browser sync? Browser syncing was introduced in … [Read more...]

Google FLoC puts ad trackers on a cookie-free diet

Cookie tracking is dying and Google needs a replacement. It’s betting on FLoC, an ad tracking technology that lets it understand people’s behaviour while respecting their privacy. Google has announced that its tests show promising signs that FLoC is working. Is this a milestone on the road to more privacy, or just better concealed tracking technology? Let’s have a look. What are … [Read more...]

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if TikTok’s new settings are enough to keep … [Read more...]

Chrome wants to make your passwords stronger

A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your only real options were home grown. People ended up saving logins in all sorts of odd places: Text … [Read more...]

Hat trick for Google as it patches two more zero-days in Chrome

Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new zero-day vulnerabilities. Someone tipped Google off about them, although the source(s) wish to … [Read more...]

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we … [Read more...]