VB Migration

Tag: firefox

  • VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

    In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS malware. The malware, dubbed ‘NetWire’, had previously been known but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB…

  • Firefox 59 to make it a lot harder to use data URIs in phishing attacks

    While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently points to and has pointed to in the past; the associated name servers; past activity observed using the domain. For this reason, domain names play an…

  • Firefox 59 to make it a lot harder to use data URIs in phishing attacks

    While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently points to and has pointed to in the past; the associated name servers; past activity observed using the domain. For this reason, domain names play an…

  • File-stealing vulnerability found in Firefox PDF reader

    Both Windows and Linux users actively being targeted. If, like me, you are suffering from vulnerability fatigue after so many flaws and weaknesses having been disclosed in Las Vegas this week, you may be tempted to ignore the advisory Mozilla released yesterday. However, I strongly advise you don’t. The company says it has been made…

  • Firefox 17 zero-day exploit targets users of Tor network

    Visitors to child abuse websites likely target of operation, but will there be collateral damage? A zero-day exploit in Firefox 17 that was probably used to track the visitors to child abuse websites hosted on the Tor network will spark further debate on the notion of “good malware” and could lead to very serious false…

  • Firefox 4 crack spreads trojan

    ‘Cracked’ versions of free software used to spread malware In a new malware campaign, users are told they can download a free crack of the Firefox 4 browser, only to find themselves infected with trojans. The lure of ‘free’ has made many a user browse the more dodgy parts of the internet, where crooks are…

  • Bumper crop of October patch releases

    Busy weeks for admins as Patch Tuesday joined by Adobe fixes, and Mozilla announces plug-in checking plans. This week has seen Microsoft ‘s monthly Patch Tuesday release of security updates, featuring a larger than usual 13 fixes, joined by a set of patches from Adobe for its widely-used PDF-handling software. With home and business users…

  • Patch Tuesday brings little relief from browser exploits

    Six fixes issued, but new IE zero day emerges along with Firefox flaw. Microsoft has issued its monthly ‘Patch Tuesday’ security update, with some serious browser flaws patched, but a new IE zero-day has been seen being exploited in the wild, and Firefox users have also been warned about a serious vulnerability. The Patch Tuesday…

  • RealPlayer zero-day flaw exploited

    Manufacturer responds rapidly to serious security hole. A zero-day vulnerability in the popular media playing system RealPlayer was spotted being exploited in the wild late last week, with several trojans penetrating vulnerable systems from malicious websites in silent drive-by downloads. The flaw is in a piece of code previously exploited to cause denial of service,…

  • Controversy over IE-to-Firefox exploit

    MS and Mozilla in row over blame for cross-browser attack. An exploit which involves browsing to a malicious website using Internet Explorer , but then launches an attack via a loophole in Mozilla Firefox , is causing controversy over which piece of software is ‘vulnerable’. The attack, apparently discovered simultaneously by two separate groups of…