Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

2 jaren geleden

Html
Tekst

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Follow Dark Reading:

September 21, 2022

LATEST SECURITY NEWS & COMMENTARY

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services. ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises. Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info The airline and the fintech giant both fell to successful phishing attacks against employees. How to Dodge New Ransomware Tactics The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves. Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward. 2-Step Email Attack Uses Powtoon Video to Execute Payload The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials. Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign. Cyberattack Costs for US Businesses up by 80% Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge. Rockstar Games Confirms 'Grand Theft Auto 6' Breach The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets. MORE

EDITORS' CHOICE

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways. LATEST FROM THE EDGE
No Motivation for Quantum Without Regulatory Push What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure. LATEST FROM DR TECHNOLGY
Microsoft Brings Zero Trust to Hardware in Windows 11 A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.

WEBINARS

Managing Security In a Hybrid Cloud Environment

The enterprise cloud environment is not homogenous - enterprises spread their workloads across private data centers and different public cloud providers. How do you manage security when the tools are all different? How do you enforce security controls consistently across ...

Emerging Cyber Vulnerabilities That Every Enterprise Should Know About

Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest-and potentially most impactful-vulnerabilities that have been discovered/...

View More Dark Reading Webinars >>

WHITE PAPERS

Breaches Prompt Changes to Enterprise IR Plans and Processes Implementing Zero Trust In Your Enterprise: How to Get Started 6 Elements of a Solid IoT Security Strategy Incorporating a Prevention Mindset into Threat Detection and Response Five Best Practices for AWS Security Monitoring Eight Best Practices for a Data-Driven Approach to Cloud Migration Sumo Logic for Continuous Intelligence

View More White Papers >>

FEATURED REPORTS

Breaches Prompt Changes to Enterprise IR Plans and Processes Implementing Zero Trust In Your Enterprise: How to Get Started Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

New Kaspersky EDR Optimum Further Simplifies Protection Against Evasive Threats ThreatQuotient Enhances Data-Driven Automation Capabilities With New ThreatQ TDR Orchestrator Features SASE Bucks Economic Uncertainty With Over 30% Growth in 2Q 2022, According to Dell'Oro Group Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code Byos Releases Free Assessment Tool to Provide Companies With Tailored Network Security Recommendations MORE PRODUCTS & RELEASES

CURRENT ISSUE

Building & Maintaining an Effective Remote Access Strategy
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Beyond Washington, DC: The State of State-Based Data Privacy Laws Informationweek.com
4 uren geleden
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
6 uren geleden
Final Chance: Urgent Invite for December 3rd Informationweek.com
7 uren geleden

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Building & Maintaining an Effective Remote Access Strategy

Deel deze op

Andere nieuwsbrieven van Informationweek.com

Gerelateerde nieuwsbrieven

Bekijk andere categorieën