A hacker has discovered a universal Cross Site Scripting (XSS) flaw that affects Internet Explorer 11 on Windows 7 and 8.1, and which could allow attackers to execute extremely convincing phishing attacks against Internet users.
Google Chrome users are being actively targeted with a spam email campaign impersonating the Internet giant, urging them to download a newer version of the popular browser because theirs is "potentially vulnerable and out of date": Unfortunately for those who fall for this scam, the offered link does not lead to the legitimate software, even though the executable is named ChromeSetup.exe.
How to make users understand a browser's SSL warning, and make them choose the link that will lead them away from a site that has been deemed unsafe for use? A group of Google researchers have had the opportunity to test the recommendation from warning literature.
Symantec researchers have recently encountered a new variant of the old one-click mobile fraud, which results in the users' mobile browser being thrown in a loop and becoming unusable.
Late last week WhiteHat Security open sourced Aviator, its Chromium-based browser that has been marketed as "the most secure browser online." The browser offers anonymity and security by default: no hidden tracking by advertizers, blocks advertisements by default (thus preventing malvertising attacks), default private browsing mode, and so on.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.