AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/21/2020

Seven mobile browsers vulnerable to address bar spoofing attacks

An “address bar spoofing” vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there are various signs and security features that could be used to detect when malicious code alters the address bar to display a bogus URL, this is not possible on mobile browsers where screen size is at a premium, and many of the security features found in desktop browsers are missing. Impacted browsers include big names like Apple Safari, Opera Touch, and Opera Mini, but also niche apps like Bolt, RITS, UC Browser, and Yandex Browser. Beardsley believes that attacks are easy to mount and recommends that users update their browsers as soon as possible or move to browsers that are not affected by these bugs.


Justice Dept. files long-awaited antitrust suit against Google

The Department of Justice today filed a landmark antitrust suit against Google, alleging that the company behaved anticompetitively and unfairly pushed out rivals in its search businesses. A company does not have to be a literal monopoly, with no available competition of any kind, to be in violation of antitrust law. The law is instead primarily concerned with what a company does to attain dominance and what it does with that dominant position once it’s at the top. And according to the DOJ’s complaint (PDF), Google did indeed abuse its outsized market power to tilt the playing field in its favor and keep potential rivals out. “Google is the gateway to the Internet,” Deputy Attorney General Jeffrey Rosen said in a call with reporters. “It has maintained its power through exclusionary practices that are harmful to competition.” Google holds more than 80 percent of the market share in search across the board, with an even higher stake in the mobile search market, according to the DOJ suit.


Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Pharma giant Pfizer has leaked the private medical data of prescription-drug users in the U.S. for months or even years, thanks to an unprotected Google Cloud storage bucket. The exposed data includes phone-call transcripts and personally-identifiable information (PII), according to vpnMentor’s cybersecurity research team. The victims include people using pharmaceuticals like Lyrica, smoking-cessation aid Chantix, Viagra, menopause drug Premarin, and cancer treatments such as Aromasin, Depo-Medrol and Ibrance. Some of the transcripts were related to conversations about Advil, which is manufactured by Pfizer in a joint venture with GlaxoSmithKline. “Initially, we suspected the misconfigured bucket to be related to just one of the medication brands exposed,” researchers explained. “However, upon further investigation, we found files and entries connected to various brands owned by Pfizer. Eventually, our team concluded the bucket most likely belonged to the company’s U.S. Drug Safety Unit (DSU).”


Adblockers installed 300,000 times are malicious and should be removed now

Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware their new owner introduced a few weeks ago, according to technical analyses and posts on GitHub. Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total. Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code.


Japan emphasises Olympics cybersecurity, condemns ‘malicious’ hacks

Japan said on Tuesday it would emphasize cybersecurity around the Tokyo Olympics and condemned “malicious cyberattacks” after Britain and the United States called out Russian military intelligence for trying to disrupt next year’s Games. Olympics organisers reported no significant impact on their operations for the Games, which were originally set for this year but postponed until 2021 due to the coronavirus pandemic. Britain and the United States on Monday condemned what they said were a series of malicious cyberattacks orchestrated by Russian military intelligence, including attempts to disrupt the Tokyo Olympics and Paralympics. Japanese chief cabinet secretary Katsunobu Kato declined to give details but said Japan would make every effort to protect the Games from possible hacking attempts.
