Browsers under attack ...
FYI...
Google Chrome
- http://www.securitytracker.com/id?1024256
Jul 28 2010
Apple Safari
- http://www.securitytracker.com/id?1024257
Jul 28 2010
Mozilla Firefox
- http://www.securitytracker.com/id?1024243
Jul 24 2010
- http://techblog.avira.com/2010/07/28...-updates-2/en/
July 28, 2010 - "... web browsers pose the highest risk for getting attacked by cyber criminals, they should be kept up-to-date and therefore the updates should be installed ASAP."
Multiple browser vulns/updates...
FYI...
Firefox updated:
- http://securitytracker.com/alerts/2010/Sep/1024401.html
Sep 8 2010 - "... 3.5 prior to 3.5.12, 3.6 prior to 3.6.9..."
- http://securitytracker.com/alerts/2010/Sep/1024406.html
Sep 8 2010 - "... 3.5 prior to 3.5.12, 3.6 prior to 3.6.9..."
Safari updated:
- http://securitytracker.com/alerts/2010/Sep/1024400.html
Sep 8 2010 - "... 4.x prior to 4.1.2, 5.0 prior to 5.0.2..."
Google Chrome:
- http://securitytracker.com/alerts/2010/Sep/1024390.html
Sep 3 2010 - "... prior to 6.0.472.53..."
- http://techblog.avira.com/2010/09/08...-updates-3/en/
Browser security update tricks
FYI...
- http://www.symantec.com/connect/blog...y-update-trick
04 Oct 2010 - "... attackers use social engineering techniques to scare users into purchasing a misleading application. This time around, we have come across a couple of websites that are using a slightly different trick to mislead users. In order to trick users, these websites used bogus pages that look similar to those presented by security features or technologies when one is about to visit a malicious page. However, it presented a “Download Updates!!” button, unlike Google’s “Get me out of here” button... Regardless of what browser is used, the user is presented with the same misleading dialog box that seemingly forces the download of Firefox and Chrome updates. This misleading dialog box keeps on popping up, even if the user clicks on cancel button... The downloaded executable turns out to be a variant of the infamous misleading application called Security Tool. Once executed, it displays exaggerated pop-ups in an attempt to scare users... Unlike standard misleading application distribution websites, these sites don’t rely only on social engineering tricks to mislead users. If more savvy users don’t download the misleading application executable, then these websites will redirect users to a website that, in turn, further redirects to a malicious website that is hosting the infamous Phoenix exploit kit. Phoenix is an automated exploit kit that uses heavily obfuscated JavaScript code to evade security products... These exploit kits are used to deliver malware after exploiting a vulnerability, mostly those affecting Web browsers. If users don’t somehow fall victim to this latest browser update trick, then the attackers have the fall back of delivering misleading applications through these exploit kits..."
(Screenshots available at the URL above.)
- http://sunbeltblog.blogspot.com/2010...sing-fake.html
October 07, 2010
- http://sunbeltblog.blogspot.com/2010...-ie-users.html
October 19, 2010
- http://www.f-secure.com/weblog/archives/00002051.html
October 20, 2010
Recent Browser updates ...
FYI...
'Need to stay on top of these updates - hacks do... so should you. If you haven't updated, -now- would be the time.
Recent Browser updates:
60 second check for updates here.
___
Multiple IE 0-day vulnerabilities...
IE drive-by bug ... "FixIt" available ...
- http://forums.spybot.info/showpost.p...4&postcount=19
2011.01.12
IE/MHTML vuln ... "FixIt" available ...
- http://forums.spybot.info/showpost.p...2&postcount=23
2011.01.28
___
Use stats
- http://www.w3schools.com/browsers/browsers_stats.asp
Software Security Factsheets - 2010
FYI...
• Factsheets By Browser - 2010
- http://secunia.com/resources/factsheets/2010_browsers/
Other software:
- http://secunia.com/resources/factsheets/
Current Factsheets - 2010
• By Vendor
• By Windows Operating System
Browser 'BITB' attack ...
FYI...
- http://www.darkreading.com/taxonomy/...e/id/229218608
Feb. 14, 2011 - "... spin-off of the proxy Trojan, keylogger, and man-in-the-browser (MITB) attack. The "boy-in-the-browser" (BITB) attack... targeting users visiting their banks, retailers, and even Google... spotted in the wild. BITB is basically a "dumbed-down" MITB in which the attacker infects a user with its Trojan, either via a drive-by download or by luring the user to click on an infected link on a site... Imperva's advisory on the attacks is here*."
* http://www.imperva.com/resources/adc...e_Browser.html
Feb. 14, 2011 - "... Nine Latin American banks were targeted..."