Security Alerts & News
by Tymoteusz A. Góral

History
#1697 Tech support scammers bite Chrome users with forgotten 2014 bug
Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware.

The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question.

The developer who reported the issue published code showing how to add so many items into Chrome’s history list that the browser would effectively freeze.

It’s taken a while for cybercriminals to get around to exploiting this bug, but they’re now using it in a new attack reported by researcher slipstream/RoL.

From the descriptions of those who fell foul of the attack, Chrome would pop up a 'Prevent this page from creating additional dialogs' window, after which the browser would lock up.
Read more
#1705 CrySis ransomware master decryption keys released
#1704 Australian banks dismiss Android NFC past in Apple Pay negotiations
#1703 Snapchat, Skype among apps not protecting users’ privacy
#1702 AdultFriendFinder network hack exposes 412 million accounts
#1701 Smartphone WiFi signals can leak your keystrokes, passwords, and PINs
#1700 Russian banks hit by cyber-attack
#1699 BlackNurse low-volume DoS attack targets firewalls
#1698 OpenSSL patches high-severity DoS bug
#1697 Tech support scammers bite Chrome users with forgotten 2014 bug
#1696 New attack reportedly lets 1 modest laptop knock big servers offline
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12