November 14, 2024 at 04:05PM The new Glove Stealer malware can bypass Google Chrome’s App-Bound encryption to steal cookies and sensitive information from various browsers and applications. It employs social engineering tactics similar to ClickFix infections and requires local admin privileges to operate. Analysts note its basic methods indicate it remains in early development. ### … Read more
November 14, 2024 at 03:49PM New Glove Stealer malware can infiltrate Google Chrome’s App-Bound encryption, successfully stealing browser cookies. This poses significant security risks, as it can access sensitive information from users’ online activities. **Meeting Takeaways:** 1. **New Malware Alert**: A new information-stealing malware named “Glove Stealer” has been identified. 2. **Bypassing Security Features**: Glove … Read more
November 13, 2024 at 07:15AM The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. … Read more
October 31, 2024 at 06:54AM The “Enterprise Identity Threat Report 2024” highlights vulnerabilities in corporate identity management, revealing that 2% of users drive most identity risks. Key issues include shadow identities, weak corporate passwords, high-risk browser extensions, and attackers bypassing legacy tools. Organizations must reassess their identity security strategies for better protection. **Meeting Takeaways: “Enterprise … Read more
October 30, 2024 at 10:03AM A recently patched security flaw in the Opera browser, identified as CrossBarking, allowed malicious extensions to access private APIs, facilitating actions like screenshot capture and account hijacking. Guardio Labs demonstrated the exploit using a benign extension. The incident highlights ongoing security concerns and the need for stricter monitoring of browser … Read more
October 10, 2024 at 12:57AM Mozilla has disclosed a critical vulnerability (CVE-2024-9680) affecting Firefox, exploited in the wild. This use-after-free bug in the Animation timeline component allows attackers to execute code. Users are urged to update to the latest versions (Firefox 131.0.2, ESR 128.3.1, and 115.16.1) to mitigate risks. **Meeting Takeaways – October 10, 2024** … Read more
October 8, 2024 at 08:36AM Malicious browser extensions are evading Google’s latest Chrome Web Store security, posing significant risks to individuals and organizations. Researchers showcased the ability to steal data and manipulate permissions. While Google aims to enhance privacy and security with Manifest V3, vulnerabilities still exist. Companies are advised to review and restrict browser … Read more
September 30, 2024 at 08:30AM Attackers are increasingly using session hijacking to bypass MFA. Microsoft detected 147,000 token replay attacks in 2023, a 111% increase YoY. Modern session hijacking targets cloud-based apps, seeking to steal session material and bypass MFA. Phishing toolkits like AitM and BitM, as well as infostealers, are used to hijack sessions. … Read more
September 19, 2024 at 05:23PM c/side, a cybersecurity company, secured $6 million in seed funding led by Uncork Capital, with participation from Mantis VC, Scribble Ventures, Roar Ventures, and PrimeSet. The funding will accelerate the development of their proxy solution for securing third-party web scripts. c/side offers an AI-driven toolkit to identify and neutralize malicious … Read more
September 4, 2024 at 07:19AM The report “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” emphasizes the threat of account takeover attacks in SaaS environments and the role of the browser in neutralizing them. It highlights tactics used in account takeovers and recommends a browser security … Read more