Security Alerts & News
by Tymoteusz A. Góral

History
#536 NoScript and other popular Firefox add-ons open millions to new attack
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.
Read more
#546 Ubuntu patches kernel vulnerabilities
#545 First Windows 10 preview with bash support is out now
#544 Crypto ransomware targets called by name in spear-phishing blast
#543 Quanta LTE router beset by over 20 critical security flaws
#542 Phishing email that knows your address
#541 Apple iPhone 6S, 6S Plus vulnerable to new lock screen bypass flaw
#540 Nexus Security Bulletin—April 2016
#539 Obtaining login tokens for an Outlook, Office or Azure account
#538 Microsoft patches severe account hijacking security flaw
#537 Samsam may signal a new trend of targeted ransomware
#536 NoScript and other popular Firefox add-ons open millions to new attack
#535 Emergency update coming for Flash vulnerability under attack
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12