Blog

Researchers from cybersecurity company Morphisec have recently discovered a new strain of malware they believe has been in the wild of the internet since at least May of this year (2020).

Dubbed Jupyter, this strain is classed as an Info Stealer. It focuses on getting into user names, passwords and other private systems and exfiltrating that data to a server the hackers control.

As malware goes, this strain certainly isn't the worst or most destructive we've ever seen. However, armed with a sufficient number of your passwords, the hackers can wreak untold havoc on your life, so it's definitely a threat that should be taken seriously.

Of interest, Jupyter seems to preferentially target Chromium Firefox and Google Chrome Browsers, so if you're not using either of those, your risk of running afoul of this strain is relatively low. Unfortunately, Chrome is far and away the most popular browser on the web today, which means the vast majority of netizens are at risk.

The malware is most commonly presented as a zip file and utilizes Microsoft Word Icons inside the zip, with the file names sending out the unmistakable message that they should be urgently opened.

Naturally, if an unsuspecting victim heads down this path, the malware is installed behind the scenes, and promptly begins rooting through the now compromised system looking for user names, passwords, browsing history, cookies and the like. Once it's found everything of interest, these are bundled and sent off to a command and control server where they're combined with other data from other compromised systems so they can be ported to the Dark Web for sale.

Based on an early analysis of the code, the research team believes this new strain to be of Russian origin, but to this point, they have not traced it back to a specific threat actor. In any case, be aware that it's out there and stay vigilant.

Used with permission from Article Aggregator

      

If you're a diehard Chrome browser user, be aware that as of November 17^th, 2020, Chrome 87 has now been ported to the Stable desktop channel, and it's an upgrade well worth getting.

It adds a raft of performance improvements that will increase your overall browsing speed, in addition to offering some new security features.

The single biggest boost to performance came from some tweaks that were the result of an in-depth analysis of how Chrome was using system resources. In that research, it came to light that the biggest consumer of system resources was the JavaScript Timer, specifically as it related to background tabs, which was responsible for some 40 percent of the total resources Chrome consumes.

The company had the following to say about the matter in a recent blog post:

"We investigated how background tabs use system resources and found that JavaScript Timers represent >40 percent of the work in background tabs. Reducing their impact on CPU and power is important to make the browser more efficient. Beginning in M87, we're throttling JavaScript timer wake-ups in background tabs to once per minute. This reduces CPU usage by up to 5x, and extends battery life up to 1.25 hours in our internal testing. We've done this without sacrificing the background features that users care about, like playing music and getting notifications."

It's a big change, but not one that will change the way you view the web or use the browser, and that's perhaps the best part about the improvement. It's behind the scenes, so while it makes a big difference, there's nothing you have to do, or be mindful of, and yet, you should notice something in the neighborhood of a 25 percent overall speed improvement on start up, and a 7-10% boost in speed overall.

In addition to that, if you use Chrome on an Android device, the company has begun to roll out a new caching feature that will store complete screenshots of the web pages you view, including the JavaScript memory, in the cache, which will allow you to instantly go back and forth between sites and return to the exact portion of the content you were reading. It's a small change, but very convenient. Once you start using it, you'll wonder how you ever got along without it.

Also, be aware that a change the company has been talking about since late 2018 has finally been made manifest in this build. When you install Chrome 87, you'll find that FTP support is disabled by default. If you want it re-enabled, you'll have to use the command:

"chrome://flags/#enable-ftp"

But be aware that this is only a temporarily solution. As of the release of Chrome 88, even this capability will be removed.

All in all, the latest build contains some great updates. Grab your copy today.

Used with permission from Article Aggregator

      

For several years now, most of the big tech companies have been using the lure of free to grow their respective user bases. Free unlimited data on phone plans. Free, unlimited storage on cloud drive plans, and the like. Free can get expensive for these firms, however.

Over time, most of them have slowly backed away from that approach, either outright discontinuing their free offerings or putting hard limits on the amount of free space/bandwidth they're offering.

Google is the latest such company to take that step. They've been offering free, unlimited photo storage on their Google Cloud service for more than five years. On June 1st, 2021, that will be coming to an end. You'll have fifteen Gigs free, and after that, you'll be charged a premium.

Fifteen Gigs is still quite a lot of photographs, so Google's revised offering is still quite generous, and note that there is one exception to the new rule. If you're a Google Pixel owner (any model) you'll retain free, unlimited photo storage.

The company's stated reason for the change is to bring their service offering more in line with current industry standards, and that's completely understandable. Free unlimited is one of those concepts that looks good on paper and sounds amazing. In the end, few, if any companies have pockets deep enough to actually maintain that approach in the long run.

Note that in addition to the coming storage limit change, Google is also implementing a housekeeping rule. If you have a Google Cloud account and you haven't logged into it for more than two years, and you're over the new storage limit, then the company will, after making repeated attempts to contact you, start deleting files.

While this might be a bit of a headache for a small percentage of users, honestly, if you haven't logged on for more than two years, it's likely that you've forgotten you even have an account.

Kudos to Google for making the change, and for the exemption for Pixel owners. It's a good way to give users of their own phone a nice, high value perk.

Used with permission from Article Aggregator

      

File this away under the least surprising announcement ever.

Actually, it's not so much an announcement as a reminder that on January 26, 2021, when Mozilla releases Firefox 85, the option to re-enable Adobe's Flash Player will be gone, effectively eliminating Flash on the browser. Firefox is the latest in a string of browsers to have made the same move.

In fact, as of early 2021, you'll be hard-pressed to find any browser that will still support Flash. It's been a long time coming, and although it's bound to cause some consternation, it's a good move.

When the internet was in its infancy, Flash was a seminal application and incredibly important to the development of the early web. Just about every decent website in existence made heavy use of Flash to enhance the capabilities of their sites.

Unfortunately, as the web matured, it became increasingly apparent that Flash had more than its share of problems. For a time, new critical security flaws were being discovered in the code faster than Adobe could patch them, and it put broad swaths of the internet at risk.

Time and technology advanced and Flash was, in addition to being increasingly less secure, an increasingly less robust web development option as competing products could do more, and do it more securely, to boot.

All of that slowly led us to a point where the major browsers began developing a roadmap to gradually phase out Flash support, and now, that day is arriving.

Some browsers have already ended support, and Mozilla will follow suit early next year. If you're still relying on Flash to power your company's website, it's well past time to find some other solution, and there are plenty of great alternatives out there. Technology is simply leaving your business behind. Don't let that happen.

Used with permission from Article Aggregator

      

If you're a gamer, and you make frequent use of Discord, there's a new threat you should be aware of.

Recently, hackers have been seen using a malware strain called 'TroubleGrabber' on a wide range of Discord servers.

TroubleGrabber isn't the worst malware strain we've ever seen, but it is highly problematic. Classed as an Info Stealer, it's designed to collect and exfiltrate gaming login credentials and system information.

Researchers at Netskope first discovered the malware strain in the wild, and note that in terms of capability, it bears a number of similarities to another Info Stealer called AnarchyGrabber.

Although TroubleGrabber is very new, having only been spotted for the first time in October 2020, the hackers controlling it are wasting no time in terms of its use. Based on data collected by the Netskope researchers, TroubleGrabber accounted for more than 85 percent of all of the malware attacks targeting Discord servers during the month of October (2020).

So how does one become infected with this malware strain?

Well, according to the research team, TroubleGrabber is most often disguised as a software crack or some type of game cheat, though it will occasionally present itself as a simple Discord Installer. The Netskope team was rather impressed to find more than a thousand different poisoned binaries in use. So it doesn't really matter what kind of games you play, if you make regular use of cracks or cheat codes, it's highly likely that you'll run across this strain.

Worse, the hacker behind it was also found to have placed a "helpful" instruction video on youtube, which teachers other hackers how to use TroubleGrabber and set up their own Discord servers for hosting it.

All that to say, this issue is likely to get a good deal worse before it starts getting better. Discord users and gamers beware.

Used with permission from Article Aggregator