Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …
Firefox 91 delivers new security and privacy options
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option. Increased security with HTTPS by Default HTTP over …
Tor Browser 10.5 improves circumvention for Tor users in censored places
The Tor Project has brought major censorship circumvention and usability changes to the latest release of Tor Browser. The Tor team is on a mission to make Tor easier to use …
Tackling cross-site request forgery (CSRF) on company websites
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a …
Years-old MS Office, Word flaws most exploited to deliver malware
29% of malware captured was previously unknown – due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection, according to a HP …
Isolation-based security technologies are gaining prominence
Cyberinc shared its insights into the key trends that will shape the cybersecurity industry in the coming year. With evolving tactics that increase the risk and impact of …
How secure configurations meet consensus
Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. But that’s not the …
Three ways formal methods can scale for software security
Security is not like paint: it can’t just be applied after a system has been completed. Instead, security has to be built into the system design. But how can we know that a …
Ad-injecting malware hijacks Chrome, Edge, Firefox
When searching for things online, has a greater number of ads than usual been popping up at the top of your search results? If it has, and you’re using Microsoft Edge, …
Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)
For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …
Safari, other mobile browsers affected by address bar spoofing flaws
Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing …
Google aims to improve security of browser engines, third-party Android devices and apps on Google Play
Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers’ JavaScript engines, the other at helping …
Featured news
Resources
Don't miss
- Salesforce Gainsight compromise: Early findings and customer guidance
- Research shows identity document checks are missing key signals
- How one quick AI check can leak your company’s secrets
- Salesforce investigates new incident echoing Salesloft Drift compromise
- Security gap in Perplexity’s Comet browser exposed users to system-level attacks