Connect with us

Press Release

Release of Google Chrome 88: Farewell to Flash Player and FTP assistance

Published

on

Release of Google Chrome 88: Farewell to Flash Player and FTP assistance

Today, January 19, 2021, Google released Chrome 88 to the Stable desktop channel, which contains security updates and the much awaited removal of Adobe Flash Player.

Chrome 89 is the newest Beta version, Chrome 88 has been moved to the Stable channel, and Chrome 90 will be the Canary version.

Users using desktop versions of Windows, Mac, and Linux can upgrade to Chrome 88 by selecting Settings -> Help -> About Google Chrome. When a new update becomes available, the browser will then check for it automatically and install it.

Removal of Flash Player from Chrome
On January 12th, 2021, Adobe Flash Player will no longer be supported, hence Google has totally removed Flash from the browser.

Organizations will no longer be able to use Enterprise policy to re-enable Flash Player in Google Chrome as a result of this change.

Since 2017, Google has been alerting consumers to the impending demise of Adobe Flash Player and recommending businesses to stop utilising it in their environments.

With this modification, Flash Player is no longer supported by the main platform for running Flash content.

FTP support was dropped
Due to its limited usage and lack of support for proxy or encrypted (FTPS) connections, Google decided to remove FTP support (ftp:/) from Chrome.

Because only “.1-.2%” of Chrome users actually utilise the FTP protocol, Google has been attempting to get rid of it since 2014.

With the introduction of a new “chrome:/flags/#enable-ftp” flag that determines whether or not FTP support is enabled, Google started deprecating FTP support with the release of Chrome 80.

In order to ensure that there would be no issues with accessing content on FTP sites during the epidemic, Google restored FTP support once more on April 9th, reversing the previous decision to disable it by default in Chrome 81.

“We will “undeprecate” FTP on the Chrome stable channel in light of the present problem. FTP, for instance, will resume operation “Asanka Herath, a Google software engineer, commented on a Chromium issue topic.

The browser no longer offers any FTP support as of the release of Chrome 88.

enhanced controls for the dark mode
Although Google Chrome has long supported operating system dark mode settings, not all of its controls have been converted to a dark mode style. Scroll bars and form controls are some of these controls.

With Chrome 88, the browser now uses a dark mode theme to display scroll bars and form controls.

increased protection against tabbing assaults
In order to prevent “tabnabbing” assaults, Chrome 88 will automatically apply the “noopener” context to links that open in new tabs when a user clicks on them. This attack technique is referred to as “tab-napping” by Google.

A security flaw called “tabbing” enables a freshly opened page to use javascript to send the user to a different URL from the one they were originally on. Any URL the threat actor chooses, such as phishing pages or pages that automatically download malicious files, might be used as the redirected URL.

HTML links can have a rel=”noopener” property added by web designers to stop a new tab from changing the referring page using JavaScript.

With the introduction of Google Chrome today, any links that open in a new tab will instantly have the rel=”nooopener” attribute applied to them.

New Tab search demonstration
The long-awaited capability of being able to search through all of your open tabs finally arrives in Chrome 88. When activated, a small down arrow will appear in a circle, and clicking it will launch a search dialogue.

Continue Reading

Press Release

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% OVERPAYMENT TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Published

on

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Continue Reading

Press Release

After taking data, the Android spyware BRATA wipes your smartphone.

Published

on

After taking data, the Android spyware BRATA wipes your smartphone.

The most recent version of the Android malware known as BRATA now includes several new and dangerous features, such as GPS tracking, the ability to use numerous communication channels, and a tool that wipes all evidence of malicious activity from the device by performing a factory reset.

Kaspersky originally identified BRATA as an Android RAT (remote access tool) in 2019 that mostly targeted Brazilian users.

A Cleafy report from December 2021 highlighted the malware’s appearance in Europe, where it was observed to target customers of online banking services and steal their credentials with the help of con artists posing as bank customer support representatives.

Cleafy analysts kept an eye out for new features in BRATA, and in a new research released today, they show how the malware is still evolving.

versions with modifications for various audiences
The most recent iterations of the BRATA malware currently target e-banking users in China, Latin America, the UK, Poland, Italy, and Spain.

With various overlay sets, languages, and even different apps to target particular populations, each version focuses on a different bank.

In all versions, the developers employ comparable obfuscation strategies, such as enclosing the APK file in an encrypted JAR or DEX package.

The VirusTotal scan below shows how effectively this obfuscation avoids antivirus detections.

On that front, before moving on to the data exfiltration process, BRATA now actively looks for indicators of AV presence on the device and tries to erase the discovered security tools.

 

New capabilities
The keylogging functionality, which is a new feature in the most recent BRATA versions, was discovered by Cleafy researchers and adds to the existing screen capturing capabilities.

All new variations also include GPS monitoring, however analysts are unsure of its precise function.

The performing of factory resets, which the actors do in the following circumstances, is the scariest of the new malevolent features.

The fraudulent transaction has been successfully finished after the compromise (i.e. credentials have been exfiltrated).
It has been discovered by the programme that it operates in a virtual environment, perhaps for analysis.
The kill switch used by BRATA is a factory reset, which wipes the device and increases the risk of a victim experiencing an unexpected and permanent loss of data.

Finally, BRATA now supports HTTP and WebSockets and has provided new channels for data exchange with the C2 server.

 

A direct, low-latency route that is perfect for in-the-moment communication and live manual exploitation is provided by the choice of WebSockets for the actors.

Additionally, because WebSockets don’t need to send headers with each connection, less suspicious network traffic is generated, which reduces the likelihood of being discovered.

Basic safety precautions
BRATA is only one of several sneaky RATs and Android banking trojans that target users’ banking credentials that are out there.

Installing apps from the Google Play Store, avoiding APKs from dubious websites, and always scanning them with an AV programme before opening them are the best strategies to prevent being infected by Android malware.

Pay close attention to the permissions that are requested during installation and don’t allow those that don’t seem necessary for the app’s primary functions.

Finally, keep an eye on your battery life and network traffic levels to spot any sudden spikes that can be caused by malicious processes that are running in the background.

Continue Reading

Press Release

Record: hackers scraped information of 500M LinkedIn customers and published it available online; LinkedIn validates the dataset includes publicly viewable details from its site (Katie Canales/Insider).

Published

on

hackers scraped information

ReporReport: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.t: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.

Continue Reading

Trending