
The Risks of AI-powered Web Browsers for Your Privacy


AI and web browser

The future of browsing is AI, and it watches everything you do online. Security and privacy are two different things; they may look the same, but specialists in each field treat them differently. Threats to your security can also be dangers to your privacy.

Threat for privacy and security

Security and privacy aren’t always the same thing, but there’s a reason that people who specialize in one care deeply about the other. 

Recently, OpenAI released its ChatGPT-powered Comet Browser, and the Brave Software team disclosed that AI-powered browsers can follow malicious prompts that hide in images on the web.

AI powered browser good or bad?

We have long known that AI-powered browsers (and AI browser add-ons for other browsers) are vulnerable to a type of attack known as a prompt injection attack. But this is the first time we've seen the browser execute commands that are concealed from the user. 

That is the security aspect. On the privacy side, experts who evaluated the Comet Browser discovered that it records everything you do while using it, including search and browser history as well as information about the URLs you visit.

What next?

In short, while new AI-powered browser tools do fulfill the promise of integrating your favorite chatbot into your web browsing experience, their developers have not yet addressed the privacy and security threats they pose. Be careful when using these.

Researchers studied the ten biggest VPN attacks in recent history. Many of them were not even triggered by foreign hostile actors; some were the result of basic human faults, such as leaked credentials, third-party mistakes, or poor management.

Atlas: AI powered web browser

Atlas, an AI-powered web browser developed with ChatGPT as its core, is meant to do more than just allow users to navigate the internet. It can read, summarize, and even complete internet tasks for the user, such as arranging appointments or finding lodgings.

Atlas looked for social media posts and other websites that mentioned or discussed the story. For the New York Times piece, a summary was created utilizing information from other publications such as The Guardian, The Washington Post, Reuters, and The Associated Press, all of which have partnerships or agreements with OpenAI, with the exception of Reuters.

Opera Introduces Neon: The Browser That Thinks and Acts for You




Opera has officially launched Neon, its newest browser that blends traditional web browsing with artificial intelligence capable of taking real actions for users. Unlike regular browsers that only assist with tasks such as summarizing webpages or answering quick questions, Neon is designed to handle jobs independently, such as comparing product prices, booking flights, or sending emails, all within a single interface.

The company has been developing this technology for nearly two years, aiming to redefine what a web browser can do in the age of AI. Neon’s core idea is what Opera calls “agentic browsing” — a concept where the browser acts as a personal digital agent that can think, analyze, and execute commands rather than just display information.


How Neon Works

Neon’s functionality revolves around three main tools: Chat, Do, and Make.

Chat serves as a conversational assistant that helps users interact with websites or retrieve information quickly.

Do is where the browser’s true intelligence lies — it allows Neon to take real action on the user’s behalf, like placing an order, sending a message, or completing a form.

Make helps users generate outputs such as drafts, summaries, or creative material.

When combined, these features turn Neon into a proactive tool that doesn’t just respond to you but works with you.


Organized Workspaces and Smarter Prompts

One of Neon’s standout additions is Tasks, a feature that allows users to create dedicated mini workspaces for specific goals. Each Task works like a self-contained browser window that remembers context, helping Neon analyze and perform multiple actions without cluttering the main screen. For example, users can have one Task comparing airfares while another is drafting an email, both running independently.

Neon also introduces Cards, which are pre-built AI prompts for automating frequent activities. They function like templates that users can reuse anytime, whether to schedule tasks, perform research, or even place a recurring order. Opera allows users to customize and save their own Cards, tailoring them for personal use.


A Step Ahead of Competitors

While other AI-powered browsers like Comet have introduced agentic functions, Neon’s performance currently appears more refined. Its ability to complete full workflows with minimal human input demonstrates how far Opera has pushed the idea of autonomous browsing. Users who tested both browsers report that Neon executes most tasks more smoothly, with fewer interruptions or manual confirmations.


The future of this browser 

Neon is still being rolled out through a waitlist, with plans for a premium subscription priced at $19.99 per month. Opera describes it as the next stage in web navigation: a browser that doesn’t just assist but acts.

As agentic AI gains ground, Neon represents a growing shift in how users interact with technology. However, experts advise caution, reminding that convenience should not come at the expense of privacy and security. As AI-driven browsers become more capable, ensuring that automated systems act safely and transparently will remain a priority for both developers and users.




Newly Found AMD Processor Flaws Raise Concerns, Though Risk Remains Low



In a recent security advisory, chipmaker AMD has confirmed the discovery of four new vulnerabilities in its processors. These issues are related to a type of side-channel attack, similar in nature to the well-known Spectre and Meltdown bugs that were revealed back in 2018.

This time, however, the flaws appear to affect only AMD chips. The company’s research team identified the vulnerabilities during an internal investigation triggered by a Microsoft report. The findings point to specific weaknesses in how AMD processors handle certain instructions at the hardware level, under rare and complex conditions.

The newly disclosed flaws are being tracked under four identifiers: CVE-2024-36350, CVE-2024-36357, CVE-2024-36348, and CVE-2024-36349. According to AMD, the first two are considered medium-risk, while the others are low-risk. The company is calling this group of flaws “Transient Scheduler Attacks” (TSA).

These vulnerabilities involve exploiting the timing of certain CPU operations to potentially access protected data. However, AMD says the practical risk is limited because the attacks require direct access to the affected computer. In other words, someone would need to physically run malicious software on the system in order to take advantage of these issues. They cannot be triggered through a web browser or remotely over the internet.

The impact of a successful attack could, in theory, allow an attacker to view parts of the system memory that should remain private — such as data from the operating system. This might allow a hacker to raise their access level, install hidden malware, or carry out further attacks. Still, AMD stresses that the difficulty of executing these attacks makes them unlikely in most real-world scenarios.

To address the flaws, AMD is working with software partners to release updates. Fixes include firmware (microcode) updates and changes to operating systems or virtualization software. One possible fix, involving an instruction called VERW, might slow system performance slightly. System administrators are encouraged to assess whether applying this mitigation is necessary in their environments.

So far, firmware updates have been shared with hardware vendors to patch the two higher-severity issues. The company does not plan to patch the two lower-severity ones, due to their limited risk. Microsoft and other software vendors are expected to release system updates soon.

The vulnerabilities have been shown to affect multiple AMD product lines, including EPYC, Ryzen, Instinct, and older Athlon chips. While the flaws are not easy to exploit, their wide reach means that updates and caution are still important. 

Rust-Developed InfoStealer Extracts Sensitive Data from Chromium-Based Browsers

Browsers at risk

The latest information-stealing malware, made in the Rust programming language, has surfaced as a major danger to users of Chromium-based browsers such as Microsoft Edge, Google Chrome, and others. 

Known as “RustStealer” by cybersecurity experts, this advanced malware is made to retrieve sensitive data, including login cookies, browsing history, and credentials, from infected systems. 

Evolution of Rust language

The growing use of Rust, a language known for memory safety and performance, indicates a shift toward more resilient and harder-to-detect threats, as Rust binaries often evade traditional antivirus solutions due to their compiled nature and lower prevalence in malware ecosystems.

RustStealer operates with a high degree of stealth, using sophisticated obfuscation techniques to evade endpoint security tools. Initial infection vectors point to phishing campaigns, where dangerous attachments or links in seemingly genuine emails trick users into downloading the payload.

After execution, the malware establishes persistence via registry modifications or scheduled tasks, to make sure it remains active even after the system reboots.

Distribution Mechanisms

The main focus is on Chromium-based browsers, abusing the accessibility of unencrypted information stored in browser profiles to harvest session tokens, usernames, and passwords.

Besides this, RustStealer has been found to exfiltrate data to remote C2 servers via encrypted communication channels, making detection by network surveillance tools such as Wireshark more challenging.

Experts have also observed its potential to attack cryptocurrency wallet extensions, exposing users to risks in managing digital assets via browser plugins. This multi-faceted approach highlights the malware’s goal of maximizing data theft while reducing the chances of early detection, a technique similar to advanced persistent threats (APTs).

About RustStealer malware

What makes RustStealer different is its modular build, letting attackers update its capabilities remotely.

This adaptability suggests that future iterations could integrate functionalities such as ransomware components or keylogging, intensifying threats in the longer run.

The use of Rust also makes reverse-engineering efforts difficult, as the language’s output is less straightforward to decompile than scripting languages such as Python or other languages used in older malware strains.

Businesses are advised to remain cautious, using strong phishing defenses, frequently updating browser software, and using endpoint detection and response (EDR) solutions to detect suspicious behavior.

Best Tor Browser Substitute for Risk-Free Web Surfing

 


Anonymous Browsing: Tools and Extensions for Enhanced Privacy

Anonymous browsing is designed to conceal your IP address and location, making it appear as though you are in a different region. This feature is particularly useful in safeguarding your private information and identity from third parties.

Many users assume that using Incognito (or Private) mode is the simplest way to achieve anonymity. However, this is not entirely accurate. Incognito mode’s primary purpose is to erase your browsing history, cookies, and temporary data once the session ends. While this feature is useful, it does not anonymize your activity or prevent your internet service provider (ISP) and websites from tracking your behavior.

Secure DNS, or DNS over HTTPS, offers another layer of security by encrypting your DNS queries. However, it only secures your searches and does not provide complete anonymity. For discreet browsing, certain browser add-ons can be helpful. While not flawless, these extensions can enhance your privacy. Alternatively, for maximum anonymity, experts recommend using the Tor Browser, which routes your internet traffic through multiple servers for enhanced protection.

Installing privacy-focused extensions on Chrome or Firefox is straightforward. Navigate to your browser's extension or add-on store, search for the desired extension, and click "Add to Chrome" or "Add to Firefox." Firefox will ask for confirmation before installation. Always ensure an extension’s safety by reviewing its ratings, user reviews, and developer credibility before adding it to your browser.

Top Privacy Tools for Anonymous Browsing

Cybersecurity experts recommend the following tools for enhanced privacy and discretion:

AnonymoX

AnonymoX is a browser add-on that enables anonymous and private internet browsing. It allows you to change your IP address and country, functioning like a lightweight VPN. With a single click, you can switch locations and conceal your identity. However, the free version includes ads, speed limitations, and restricted capabilities. While AnonymoX is a handy tool in certain situations, it is not recommended for constant use due to its impact on browser performance.

Browsec VPN

A VPN remains one of the most reliable methods to ensure online anonymity, and Browsec VPN is an excellent choice. This extension encrypts your traffic, offers multiple free virtual locations, and allows secure IP switching. Its user-friendly interface enables quick country changes and one-click activation or deactivation of features.

Browsec VPN also offers a Smart Settings feature, allowing you to configure the VPN for specific websites, bypass it for others, and set preset countries for selected sites. Upgrading to the premium version ($1.99 per month) unlocks additional features, such as faster speeds, access to over 40 countries, timezone matching, and custom servers for particular sites.

DuckDuckGo

DuckDuckGo is a trusted tool for safeguarding your privacy. This browser extension sets DuckDuckGo as your default search engine, blocks website trackers, enforces HTTPS encryption, prevents fingerprinting, and disables tracking cookies. While DuckDuckGo itself does not include a VPN, upgrading to the Pro subscription ($9.99 per month) provides access to the DuckDuckGo VPN, which encrypts your data and hides your IP address for enhanced anonymity.

Although Incognito mode and Secure DNS offer basic privacy features, they do not provide complete anonymity. To browse discreetly and protect your online activity, consider using browser extensions such as AnonymoX, Browsec VPN, or DuckDuckGo. For maximum security, the Tor Browser remains the gold standard for anonymous browsing.

Regardless of the tools you choose, always exercise caution when browsing the internet. Stay informed, regularly review your privacy settings, and ensure your tools are up-to-date to safeguard your digital footprint.

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

 

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.

Chrome's Invasive New Tracking Sparks Need for a New Browser

The importance of privacy issues has increased in the digital era, leading people to look for browsers that prioritize data protection. One of the most popular browsers, Chrome, has recently drawn criticism for its intrusive new tracking features. Users are encouraged to investigate privacy-focused options by this development.

Chrome's latest tracking initiative, Ad Topics, allows websites to gather detailed information about users' online activities. This information is then used to tailor advertisements, potentially leading to a breach of user privacy. As reported by Android Authority, this feature has raised significant concerns among privacy advocates and users alike.

In response to these concerns, the Privacy Sandbox initiative has been introduced. Spearheaded by industry leaders, including Google, it aims to strike a balance between personalized advertising and user privacy. By creating a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still enabling advertisers to deliver relevant content.

Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.

Experts emphasize the significance of user awareness and choice in this evolving landscape. As stated by John Doe, a privacy advocate, "Users deserve to have a say in how their data is collected and used online. It's crucial for them to be informed about the tracking practices of their chosen browser."

In light of these developments, users are urged to explore alternative browsers prioritizing privacy. Browsers like Brave, Firefox, and Safari have long been known for their commitment to user data protection. These options offer robust privacy features, ensuring that users can navigate the web without sacrificing their personal information.

Recent tracking capabilities added to Chrome show how crucial privacy is becoming in the digital sphere. The advent of programs like Privacy Sandbox is a step in the right direction toward achieving a balance between user security and personalization. However, looking at alternative browsers is a wise decision for people seeking urgent privacy guarantees. As users, we have the capacity to control our online experiences while maintaining our privacy, and it is crucial that we do so.


Titan-Stealer: A New Golang-based Info-Stealer Malware


Recently, a new Golang-based information stealer malware named ‘Titan Stealer’ has been promoted by threat actors on their Telegram channel. Initial details regarding the malware were discovered by cybersecurity researcher Will Thomas in November 2022 by using the IoT search engine Shodan.

Titan is advertised as a malware builder that enables users to alter the malware binary's functionality and the type of data that will be extracted from a victim's system.

The malware, when launched, uses a technique called ‘process hollowing’ to inject the malicious payload into the memory of a legitimate process called AppLaunch.exe, Microsoft’s .NET ClickOnce Launch Utility.

According to a recent report by Uptycs security, researchers Karthickkumar Kathiresan and Shilpesh Trivedi say, “the stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files.” 

Targets of The Info Stealer 

The Titan Stealer has been targeting web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others. The crypto wallets singled out are Armory, Atomic, Bytecoin, Coinomi, Edge Wallet, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash. 

Additionally, it has the ability to collect data from the Telegram desktop app and compile a list of the host's installed programs. 

The gathered information is then transmitted as a Base64-encoded archive file to a remote server under the attacker's control. Additionally, the malware includes a web panel that enables threat actors to access the stolen data. 

How is the Titan Stealer Operated? 

The exact approach used to distribute the malware is still unclear, but the threat actors have utilized numerous methods, such as phishing, malicious ads, and cracked software. 

"One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS," says Cyble in its analysis of Titan Stealer. "Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software." 

The findings come a little over two months after SEKOIA unveiled Aurora Stealer, another Go-based malware that is being used by a number of criminal actors in their campaigns. 

The malware often spreads through websites that mimic well-known software, with the same domains being continuously updated to host trojanized versions of different programs.

It is also found to be taking advantage of a tactic called padding in order to artificially inflate the size of the executables to as much as 260MB by adding random data, in order to evade detection by antivirus software.
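The padding tactic described above leaves a measurable trace: most of the file sits after the last PE section. The following triage check is an added example, not code from the original post or from any vendor report; the function names, the 0.9 ratio threshold and the constructed sample file are assumptions, and it also covers padding with repeated bytes, which the post does not mention.

```python
import math
import os
import struct
from collections import Counter

def pe_overlay_offset(data: bytes) -> int:
    """File offset where the last section's raw data ends; bytes after it are overlay."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    end = table + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for random data, 0.0 for one repeated byte."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def padding_report(data: bytes, min_ratio: float = 0.9, sample: int = 1 << 20) -> dict:
    """Triage signal only: signed installers also carry legitimate overlay data."""
    start = pe_overlay_offset(data)
    overlay_len = len(data) - start
    ratio = overlay_len / len(data)
    return {
        "overlay_bytes": overlay_len,
        "overlay_ratio": round(ratio, 4),
        # entropy is measured on the first `sample` bytes so huge files stay cheap
        "overlay_entropy": round(shannon_entropy(data[start:start + sample]), 3),
        "suspicious": ratio >= min_ratio,  # assumed threshold, tune per environment
    }

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed, inert PE skeleton (headers plus one empty 512-byte section)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C points to 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x22)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 512, 0x1000, 512, 512,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sect).ljust(512, b"\0")
    return headers + b"\0" * 512 + overlay

if __name__ == "__main__":
    samples = (("clean", b""),
               ("random padding", os.urandom(64 * 1024)),
               ("zero padding", bytes(64 * 1024)))
    for label, blob in samples:
        print(label, padding_report(build_sample_pe(blob)))
```

A high overlay ratio is a reason to route the file to a scanner or sandbox that does not enforce a size limit, not a verdict on its own.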