UID smuggling: A new technique for tracking users online
Advertisers and web trackers have been able to aggregate users’ information across all of the websites they visit for decades, primarily by placing third-party cookies in …
Threat actors extend attack techniques to new enterprise apps and services
Perception Point announced the publication of a report, “The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels“, which evaluates the responses of …
Browser synchronization abuse: Bookmarks as a covert data exfiltration channel
Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make …
A look at the bring your own browser (BYOB) approach
Recently, Microsoft retired IE 11 in favor of Microsoft Edge, which claims to be more secure than Google Chrome, with built-in defenses against phishing and malware. Does this …
Is your organization ready for Internet Explorer retirement?
June 15, 2022, is the day that Microsoft will stop supporting most versions of Internet Explorer 11, and organizations should have ensured that they ready for its retirement. …
HEAT attacks: A new class of cyber threats organizations are not prepared for
Web malware (47%) and ransomware (42%) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, just 27% have advanced …
Increasing security for single page applications (SPAs)
Single page applications (SPAs) have become the most popular way to create websites that feel faster for the end-user without hitting the server every time a user interacts …
Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are …
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …
Firefox 91 delivers new security and privacy options
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option. Increased security with HTTPS by Default HTTP over …
Tor Browser 10.5 improves circumvention for Tor users in censored places
The Tor Project has brought major censorship circumvention and usability changes to the latest release of Tor Browser. The Tor team is on a mission to make Tor easier to use …
Tackling cross-site request forgery (CSRF) on company websites
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a …