The implications of control over internet infrastructure via DNS-over-HTTPS on privacy

In the early days of the internet, it was quite common for local networks to run their own domain name service (DNS). DNS was invented as a solution for allowing internet users to query remote servers via friendly, easy-to-remember names like google.com. Names are much easier to remember compared to more abstract IP numbers like … More The implications of control over internet infrastructure via DNS-over-HTTPS on privacy

Mozilla rushes out patch for Firefox zero‑day

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers. Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks. Details about the flaw and its exploitation are rather sparse, however. What little is … More Mozilla rushes out patch for Firefox zero‑day

Firefox 69: Third‑Party Tracking Cookies and Cryptomining Now Blocked by Default

Firefox new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking. Protecting user’s privacy is a long-time preoccupation in IT security, and corporations are also taking action. We saw another example this week with Firefox Version 69.0. Since Tuesday September 3, third-party tracking cookies … More Firefox 69: Third‑Party Tracking Cookies and Cryptomining Now Blocked by Default

Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan. ESET researchers have discovered a new malware campaign misusing stolen digital certificates. We spotted this malware campaign when our systems marked several files as suspicious. Interestingly, the flagged files were digitally signed using a valid … More Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

Microsoft Edge bug could be exploited to spill your emails to malicious sites

Since a patch for the flaw has already been released, users are well advised to make sure that they’re running the browser’s most recent version. A Google developer has discovered a high-severity loophole that affected the Microsoft Edge web browser and, less so, Mozilla Firefox, and that could provide an attacker with access to the … More Microsoft Edge bug could be exploited to spill your emails to malicious sites

Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

Some of the tactics used in APT attacks die hard. A good example is provided by Turla’s watering hole campaigns. This group, which has been targeting governments, government officials and diplomats for years, is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. In fact, they have been using them … More Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

CyberThreats Daily: New graphics engine imperils users of Firefox and Chrome

Experts are advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers. The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code. The technology made its debut in … More CyberThreats Daily: New graphics engine imperils users of Firefox and Chrome