This is an accidental flaw introduced into the latest version of Chrome, which Google is fixing. Google Chrome bug lets sites write to clipboard without asking (bleepingcomputer.com) The issue with websites being able to write to the system clipboard, is that clipboard often holds sensitive information during a website interaction …
Google Chrome exploited zero-day vulnerability fixed
Google fixes fifth Chrome zero-day bug exploited this year (bleepingcomputer.com)
Yesterday was Patch Tuesday – Exchange server gets a special mention
Microsoft has issued it’s monthly round of patches and updates, SANS Internet Storm Centre has a round-up here: Microsoft August 2022 Patch Tuesday – SANS Internet Storm Center This update addresses the DogWalk zero-day vulnerability. Here are the Microsoft release notes: August 2022 Security Updates – Release Notes – Security …
Continue reading “Yesterday was Patch Tuesday – Exchange server gets a special mention”
Stealing emails undetected using Chrome extensions
The malicious extension has been called SHARPEXT by researchers at Volexity and impacts the Chromium-based web browsers, Chrome, Edge, and can steal email from Gmail. Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)
Anonymous browsing – not anymore
Researchers from the New Jersey Institute of Technology have written a paper, which they will present at the Usenix Security Symposium in Boston, demonstrating how threat actors (or governments or law enforcement) could de-anonymise a users from their browsing habits. The attackers would analyse browsing activity and state to determine …