Security Alerts & News
by Tymoteusz A. Góral

#1899 Project Zero finds XSS bug in auto-installed Adobe Acrobat Chrome extension
Last week Adobe released an update to Acrobat that had a potentially unwanted passenger along for the ride: an automatically installed Chrome extension that, the next time Chrome was loaded, prompted the user to allow it to view and manipulate visited web pages and to manage downloads.

Upon its release, Project Zero security researcher Tavis Ormandy found that the extension left users vulnerable to cross-site scripting attacks.

"I think CSP [Content Security Policy] might make it impossible to jump straight to script execution, but you can iframe non web_accessible_resources, and easily pivot that to code execution, or change privacy options via options.html, etc," Ormandy wrote in the Project Zero issue tracker.
#1902 Dutch developer added backdoor to websites he built, phished over 20,000 users
#1901 Ukraine's power outage was a cyber attack: Ukrenergo
#1900 GCHQ encourages teenage girls to become cybersecurity professionals of the future
#1899 Project Zero finds XSS bug in auto-installed Adobe Acrobat Chrome extension
#1898 Uncovering the inner workings of EyePyramid
#1897 Oracle's monster security update: 270 fixes and over 100 remotely exploitable flaws
#1896 Newly discovered Mac malware found in the wild also works well on Linux
#1895 EITest nabbing Chrome users with a “Chrome Font” social engineering scheme