Web Browser Security
- April 10, 2015
Security researchers say Webpage Screenshot, a popular third-party extension for Google Chrome, was secretly collecting end-user browsing data. Its true purpose and how Google missed it remain up for debate.
- March 25, 2015
Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.
- March 05, 2015
The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.
- February 20, 2015
News roundup: Amid hidden add-ons, discontinued services and walled gardens, vendor trust proves elusive for several high-profile tech firms. Plus: Evidence ties North Korea to Sony Pictures hack; card brands boost cybersecurity; and cookies that ...
- February 20, 2015
Exclusive: VerSprite research on 10 alternative Android browsers has found at least one major security vulnerability in all of them, posing a significant security risk for enterprise Android users.
- February 06, 2015
A new IE vulnerability has led to a proof-of-concept same-origin policy exploit, and some experts say it highlights a technique that may soon become popular among attackers.
- February 02, 2015
Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.
- January 30, 2015
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- January 26, 2015
Adobe's latest Flash zero day patch came Saturday, just two days after reports that the vulnerability was being exploited by drive-by-download attacks.
- December 19, 2014
News roundup: As it copes with a devastating, unprecedented cyberattack, Sony Pictures' future as a company could be on the line. Plus: "Operation Cleaver"; labeling HTTP websites "insecure"; and a surge in phishing with malicious links.