qresear.ch is your friend
Google to Block Logins From Embedded Browsers to Prevent Phishing
Google on Thursday announced that it will soon block login attempts from embedded browser frameworks in an effort to prevent man-in-the-middle (MitM) phishing attacks.
The tech giant says phishing attacks that involve traffic interception are difficult to detect when an embedded browser framework or a different type of automation platform is used for authentication.
As an example of an embedded browser framework Google provided its Chromium Embedded Framework (CEF), which is designed for embedding Chromium-based browsers in other applications.
Since its systems canโt make the difference between legitimate logins and MitM attacks when such frameworks are used, Google has decided that, starting with June, it will block sign-ins from these frameworks.
The company says this latest move is similar to webview sign-in restrictions announced in April 2016.
โThe solution for developers currently using CEF for authentication is the same: browser-based OAuth authentication. Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices,โ said Jonathan Skelker, Product Manager of Account Security at Google.
These measures come after last year Google informed users that they must enable JavaScript in their web browser due to the introduction of a new security mechanism for the login process. Specifically, when the username and password are entered on the sign-in page, a JavaScript-based risk assessment is conducted and authentication is only successful if nothing suspicious is detected.
DoH! Forgot link
https://www.securityweek.com/google-block-logins-embedded-browsers-prevent-phishing
Facebook Collected Email Contacts of 1.5 Million Users Without Consent
https://www.securityweek.com/facebook-collected-email-contacts-15-million-users-without-consent
clear browser cacheโฆ
=APT34 Toolset, Victim Data Leaked via Telegram=
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
https://www.darkreading.com/threat-intelligence/apt34-toolset-victim-data-leaked-via-telegram/d/d-id/1334485