The Upcoming Firefox Browser Version Will Block Canvas Fingerprinting

Mozilla has decided to block canvas fingerprinting in an upcoming version of the Firefox browser, borrowing a similar feature from Tor Browser. Firefox 58 will block attempts to fingerprint users via the HTML5 canvas element. Firefox has been adding privacy protection measures for its users, and canvas fingerprinting has long been employed by the marketing and advertising industry to track users.

Browser Fingerprinting

Browser fingerprinting is a tracking technique that websites have been using as an alternative to browser cookies. Web analytics services use it to recognize users and identify their online activities. There are a large number of browser fingerprinting techniques, but the one Mozilla is addressing is canvas fingerprinting, which works by using the HTML5 canvas element.

It works like this. When a user visits a website, the site instructs the browser to draw hidden text or a graphic on a hidden canvas element. The result is extracted, and a hash of it becomes the browser’s fingerprint. This fingerprint is shared among advertising partners and used to identify the user when they visit affiliated websites. In this way a profile of the user’s browsing habits is built up and used to target advertising.

Canvas fingerprinting works because every browser and machine has a particular hardware and software configuration. Carrying out the website’s drawing request therefore produces slightly different results on different systems, yielding different and possibly unique fingerprints. Some browser fingerprinting attempts can be stopped with add-ons such as Privacy Badger or DoNotTrackMe, combined with ad-blocker lists.

Modification of Firefox

Firefox will become the first major browser to do something about this widespread online tracking method. The change will require websites to prompt users for permission before they can extract canvas data. The feature arrives over four years after Tor Browser implemented an option allowing users to avoid canvas fingerprinting. It is the result of a continuing effort to bring all of Tor Browser’s privacy and security patches into Firefox.

Mozilla has a history of efforts to prevent online tracking of users. Firefox 52 stopped allowing websites to access the Battery Status API, which could reveal information about the device used by the visitor, and also added protection against font fingerprinting. Firefox 58 will be released in January 2018, and another change set to arrive with it is the removal of the WoSign and StartCom root certificates from Mozilla’s root store.

A discussion has also been under way on whether Firefox should continue to trust certificates signed by the Staat der Nederlanden Root CA, the Dutch national CA. It was prompted by a new law that would permit intelligence and security services to intercept internet traffic and to use false keys in third-party systems to gain access to systems and data.

Ships at Risk Due to Serious Flaws in Maritime Communication

Security researchers have raised serious concerns about security flaws in a maritime communication system.

According to researchers from IOActive, a satellite-based shipboard communication system, Stratos Global’s AmosConnect 8.4.0, is susceptible to cyber-attacks. Inmarsat has dismissed the research as irrelevant since it concerns a recently discontinued platform.

The vendor has also stated that the attack scenario against its former product outlined by IOActive would be difficult to pull off in practice. Thousands of vessels worldwide were using the AmosConnect mobile satellite communications platform. According to IOActive, the flaws found in the technology include blind SQL injection in a login form, along with a backdoor account that gives full system privileges.

According to IOActive’s primary security advisor Mario Ballano, such an account gives attackers a means to execute arbitrary code on the AmosConnect server, leaving any sensitive information it might contain exposed to theft. IOActive warns that the flaws could allow attackers to gain access to sensitive information stored on AmosConnect servers, such as emails, instant messages, position reporting and automatic file transfer. All of these could open direct access to other connected systems or networks.

AmosConnect supports narrow-band satellite communications and integrates vessel and shore-based office applications into a single messaging system. IOActive notified Inmarsat of the vulnerabilities in October 2016 and completed the disclosure process in July 2017. Inmarsat has discontinued the 8.0 version of the platform, recommending that customers revert to AmosConnect 7.0 or move to an email solution from one of its approved partners. Responding to queries from El Reg about IOActive’s research, Inmarsat played down the significance of the findings, arguing that they concern a discontinued version of its technology that it had planned to retire even before IOActive reported the security problems.

An Inmarsat spokesman added the “potential vulnerability” would have been “very difficult to exploit as it would require direct access to the shipboard PC that ran the AC8 email client. This could only be done by direct physical access to the PC, which would require an intruder to gain access to the ship and then to the computer. Any attempt to enter remotely would have been blocked by Inmarsat’s shoreside firewalls.”

Maritime cybersecurity has come under increasing scrutiny this year following a series of incidents, including the June GPS spoofing attack involving over twenty vessels in the Black Sea. There was also speculation that the August collision of the USS John McCain with a chemical tanker might have been the result of cyber interference. Ballano carried out his research in September and found that he could gain full system privileges, essentially becoming the administrator of the box where AmosConnect is installed. If any additional software or data were stored on the box, the attacker would have access to it and possibly to further connected networks.

“Essentially anyone interested in sensitive company information or looking to attack a vessel’s IT infrastructure could take advantage of these flaws,” Ballano said. “This leaves crew member and company data extremely vulnerable, and could present risks to the safety of the entire vessel. Maritime Cybersecurity must be taken seriously as our global logistics supply chain relies on it and as cybercriminals increasingly find new methods of attack.”

BADRABBIT – New Ransomware Attacks Throughout Eastern Europe


BadRabbit is a new ransomware threat spreading across Eastern Europe. Infections have been observed throughout Russia, Ukraine and some other Eastern European countries. It has affected corporate networks and computer systems, Odessa International Airport in Ukraine, and numerous Russian media outlets. Systems at the targeted locations have been encrypted, and the affected computers display a ransom message.

Cybersecurity firm Kaspersky Lab is monitoring the malware and has compared it to the WannaCry and Petya cyber-attacks, which affected a great number of government agencies and businesses, mostly in Ukraine, at the beginning of 2017.

ESET has said that BadRabbit may have been spread through drive-by download, i.e. where JavaScript is injected into a site’s HTML or a .js file. When a user visits a compromised website, a pop-up appears with a prompt to update Flash Player, a trick to get users to download and install the malware themselves.

Once a system falls victim to BadRabbit, the ransomware automatically shows a message referring to the Tor browser, along with a demand of about $275 (0.05 Bitcoins) in exchange for decrypting the data and restoring access to the devices. According to the BadRabbit ransom message, the amount rises once the time limit is exceeded.

Russia’s Interfax and Fontanka have both been hit by this cyber-attack, as have Ukraine’s Odessa International Airport and the Kiev Metro. The threat has also spread to Turkey and Germany, affecting various departments. The majority of BadRabbit victims are in Russia, and the ransomware appears to have infected devices via the hacked websites of Russian media organizations.

However, cybersecurity experts have always advised people and organizations against paying ransoms to such attackers, because there is no assurance that they will restore your systems and remove the malware after receiving the payment.

Historical Microsoft Mess Used As Bait in Modern Phishing Campaign

The vigilant people at the SANS Internet Storm Center have observed one more campaign trying to drop the Locky ransomware using compromised Word files. As Internet Storm Center supervisor Brad Duncan states, the vector in the Word documents is Microsoft Dynamic Data Exchange (DDE), a feature that lets an Office application load data from a different Office file. It is the kind of attack that was spotted last week in a phishing campaign launched at Freddie Mac.


The phishing messages carrying this attack came from the Necurs botnet, he writes, and as with other DDE attacks the aim is simply to persuade users to click through the security warnings. A bogus invoice is the scammers’ weapon of choice. If the attack fools the target, the infected document fetches a downloader, which in turn pulls a copy of Locky to decrypt on the target.

Once the ransomware is installed and has encrypted the target’s hard drive, Locky is erased, leaving behind the downloader, and a demand for 0.25 Bitcoin is issued.

Duncan writes: “This is an interesting development, because it shows how the DDE attack technique has spread to large-scale distribution campaigns. It’s not new, and I’m not sure how effective it really is. If you know of anyone who was infected from one of these DDE-based Office documents, please tell your story in the comments.”

The Register noted last week that DDE (Dynamic Data Exchange) has been around since 1987, and it’s a perennially popular target for attackers.

Since users have to approve execution, Microsoft has consistently maintained that DDE is a feature, not a bug.

October’s Patch Tuesday covers Windows, IE, Edge and Office

In October’s Patch Tuesday, Microsoft rolled out six security bulletins covering more than 30 vulnerabilities in Windows, Internet Explorer, Edge, and Office. Of the 6 bulletins released, 3 are rated ‘CRITICAL’. MS15-106, a critical-rated bulletin, addresses 14 vulnerabilities in Internet Explorer. The issues fixed in this bulletin are related to memory corruption, privilege escalation, information disclosure, and VBScript and JScript ASLR bypass issues. Another critical-rated bulletin, MS15-108, patches various issues related to information disclosure, memory corruption, and ASLR bypass vulnerabilities in the VBScript and JScript scripting engines in Windows. The third and last critical bulletin addresses a flaw in Microsoft Windows that allows remote code execution when a specially crafted toolbar object is opened in Windows.

Apple iOS 9 Patches AirDrop Flaw

Apple has released an update for iOS 9 that fixes a critical security flaw allowing intruders to plant malicious files on iPhones, which can later be used to hijack the victim’s phone. Security researcher Mark Dowd from Azimuth Security found the issue, which affects almost all devices using iOS 7 or later, along with all Mac OS X Yosemite versions. In his PoC, Mark Dowd forced crafted files onto an iPhone using Apple’s AirDrop, even though the transfer request was denied by the user. AirDrop provides file sharing between iOS and OS X devices using WiFi and/or Bluetooth. AirDrop is vulnerable to a directory traversal attack that allows intruders to modify the victim’s OS settings and install malicious apps, from which the rest of the attack follows. All an attacker needs to install a malicious app is a legitimate Apple enterprise certificate to validate the app’s installation process.

Beware!! Android Lollipop users

Researchers from the University of Texas have found a security flaw in the lock screen feature of Android 5.x. According to John Gordon, a network security analyst at the University of Texas, the issue exists in the password field, which is unable to handle a sufficiently long string while the camera app is active, allowing an attacker to crash the lock screen. From the locked screen, one can easily bypass the security. The potential attacker can open the emergency call window, fill it with characters, then copy those into the password field via the settings option on the locked screen until the user interface crashes. USB debugging then works as normal, allowing access to the vulnerable device to execute arbitrary commands or gain access to files with full rights. Google was notified about the issue earlier this year and responded swiftly, releasing a security patch in June to rectify it. Google urges users to apply updates at the earliest opportunity.

Google Chrome 45 addresses 29 flaws

Google has released Chrome 45 to address 29 security flaws affecting Windows, Mac, and Linux platforms. According to the Google advisory, six issues are rated as CRITICAL, allowing remote code execution. These high-severity issues include cross-origin bypass flaws in DOM, covered in CVE-2015-1291 and CVE-2015-1293, whereas a cross-origin bypass issue in Service Worker is covered in CVE-2015-1292. Besides these, there are use-after-free flaws in Skia (CVE-2015-1294) and Printing (CVE-2015-1295), and a character spoofing bug in the Omnibox address bar (CVE-2015-1296). The latest version also patches medium-severity vulnerabilities in WebRequests, extensions and the Blink web browser engine. Google credits security researchers Mariusz Mlynski, Rob Wu, Alexander Kashev, and experts using the online monikers cgvwzq, cloudfuzzer, and zcorpan for finding vulnerabilities in the browser. So far, the company has given rewards of $40,500 through its bug bounty program. Moreover, Google has decided to stop running Flash ads due to the various flaws found in Adobe Flash from time to time. Google is automatically converting most of the Flash ads uploaded to AdWords to HTML5; otherwise the conversion can be done manually using a tool provided by the company.

Bugzilla Hack Exposes Firefox 0-day Flaw

Mozilla has confirmed that Bugzilla was breached by an attacker who was able to get access to sensitive information about zero-day flaws in Firefox. According to Mozilla, the intruder was able to breach the account of a high-level user with access to Bugzilla, which contains information on non-public zero-day security flaws. Mozilla said the attacker had control of the account since September 2013 and accessed approximately 185 non-public vulnerabilities, 53 of which were considered CRITICAL flaws. However, the company claims 43 of the severe flaws had already been patched, but 10 unpatched security flaws are still in the hands of the intruder, which poses a huge security risk for Firefox users.
