Update Your Firefox Browser to Fix a Major Browser Vulnerability, Now!

Mozilla Firefox browser users are being urged to update to the latest version of the open-source browser after a major vulnerability was found with the potential to steal sensitive data from user computers. The latest version of the browser is patched and now immune to the vulnerability.

Mozilla Firefox users on Windows and Linux platforms are being advised to update to the latest version of the browser (ver 39.0.3) due to an exploit being discovered in the wild which “searched for sensitive files and uploaded them to a server that appears to be in Ukraine,” Mozilla announced in a blog post.

The vulnerability allows attackers to use JavaScript to search for, locate and even upload sensitive data from users’ hard drives to servers located in Ukraine.

The Threat of Ad-based Exploits

The exploit currently affects only PCs running Windows and Linux, although Mozilla security lead Daniel Veditz warned that Mac users are vulnerable and “would not be immune” if a malicious hacker chose to target them by exploiting the same vulnerability. Moreover, the exploit is triggered “from the interaction of the mechanism that enforces JavaScript context separation and Firefox’s PDF Viewer.” In other words, only Firefox browser versions with the built-in PDF plugins and viewer are vulnerable. Other versions, such as Firefox for Android, are not.

“The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files,” explained Mozilla publicly in their blog.

The Discovery

The first red flags were raised when an advanced Firefox user discovered that an advertisement embedded on a fairly popular Russian news website was siphoning sensitive data using an exploit. The data would be quietly uploaded remotely to a server in Ukraine, without showing any indication of activity.

“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed,” noted Daniel Veditz, a security researcher at Mozilla.

Significantly, Firefox users may never realize that they were victims of a breach, according to Mozilla, who had advice for those using the browser.

“The exploit leaves no trace it has been run on the local machine,” Mozilla said. “If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs.”

A Critical Security Advisory Issued by Mozilla

Cody Crews, a security researcher working at Mozilla, underlined the significance of the vulnerability by signaling that the impact of the threat was critical, after which Mozilla released a security advisory.

The description of the advisory reads:

“Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim’s computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild.”

The affected products include:

  • The Firefox browser.
  • Firefox ESR (Extended Release Channels “intended for groups who deploy and maintain the desktop environment in large organizations.”)
  • Firefox OS. (The official Linux kernel-based operating system already implemented in smartphones, tablets, and smart TVs. The OS is developed by Mozilla and entirely open source.)

The patch was issued not long after, with the fixes applied in Firefox 39.0.3, Firefox ESR 38.1.1 and Firefox OS 2.2.

Updating Your Firefox Browser

Although Firefox updates automatically at periodic intervals, a manual update is strongly recommended. Here’s how to update quickly:

  • Look for the “Hamburger” settings menu on the upper right and select the question-mark icon at the bottom of the window that pops open.
  • Now, select ‘About Firefox’ and the browser will instantly look for updates.
  • If you’re already on 39.0.3, you’re all set. Otherwise, good job on the proactive manual update to the latest patched version of the browser!
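For anyone looking after more than one machine, the same check can be run over an inventory of installed versions. The sketch below is an added example, not code from Mozilla or from the original article; the inventory format, the channel names `release` and `esr`, and the host names are assumptions, and the sample rows are constructed. It compares each version against the fixed versions named above and separately flags Windows and Linux hosts for credential review, since the exploit leaves no trace and a machine that is patched today may still have been exposed earlier.

```python
import re

# Fixed versions as given in the article (Firefox 39.0.3, Firefox ESR 38.1.1).
FIXED = {"release": (39, 0, 3), "esr": (38, 1, 1)}
# Platforms the article says the in-the-wild exploit targeted.
TARGETED_PLATFORMS = {"windows", "linux"}


def parse_version(text):
    """Turn '39.0', '39.0.3' or '38.1.1esr' into a 3-part comparable tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def assess(host, platform, channel, version):
    """Decide what follow-up one host needs."""
    needs_update = parse_version(version) < FIXED[channel]
    # Independent of patch level: the exploit leaves no trace, so being
    # patched now says nothing about exposure before the update.
    review_credentials = platform.lower() in TARGETED_PLATFORMS
    return {
        "host": host,
        "needs_update": needs_update,
        "review_credentials": review_credentials,
    }


def audit(inventory):
    """Assess every (host, platform, channel, version) row."""
    return [assess(*row) for row in inventory]


# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("dev-laptop-01", "linux", "release", "39.0"),
    ("build-box-02", "linux", "release", "39.0.3"),
    ("kiosk-03", "windows", "esr", "38.1.0esr"),
    ("design-mac-04", "macos", "release", "38.0.5"),
    ("office-05", "windows", "esr", "38.1.1"),
]

if __name__ == "__main__":
    for result in audit(SAMPLE_INVENTORY):
        print(result)
```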

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.


Ali is a freelance journalist with 5 years of experience in web journalism and marketing. He contributes to various online publications. With a master's degree, he now combines his passions for writing about internet security and technology. When he is not working, he loves traveling and playing games.





EOS Price Forecast: EOS/USD Heading for Another 300% Move?

  • EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern.
  • The price is moving around levels last seen from the back end of March to early April, before a bull run of over 300%.

The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend.

EOS DApp Hacked Again

An EOS-based gambling DApp, EOSBet, has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that they were able to exploit security vulnerabilities they had found in the DApp’s smart contracts.

Technical Review – 4-hour Chart View

EOS/USD 4-hour chart

EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity.

Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory.

April 2018 Bull Run

EOS/USD April bull run

In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck in consolidation mode, trading within a tight range at levels where the price is currently seen today.

Something quite astonishing started to unfold. Between the period of 11th April to the 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating a similar behavior to that of what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during the period of December 2017 and came back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.


Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.





Crypto Market Development: South Korea’s National Policy Committee Chair Calls For ICO Legalization

  • A member of South Korea’s governing Democratic party and the chairman of Korea’s National Policy Committee, Min Byung-Doo, is urging an easing of the current regulations on Initial Coin Offerings (ICOs).
  • Min Byung-Doo wants to introduce the necessary regulatory framework, allowing ICOs in the country.

Allow ICOs In South Korea

The South Korean National Policy Committee Chief, Min Byung-Doo, is calling for a regulatory framework to be explored that would allow Initial Coin Offerings (ICOs) to take place within the country. He stated that the current prohibition of ICOs weakens the industry’s competitiveness with foreign markets, boldly adding that this would be preventing growth.

In his statement to lawmakers, Byung-Doo said, “We can see that the flow of investment is clearly changing compared to ICO and angel fundraising. The ICO has raised $1.7 billion for Telegram and $4 billion for Block.One, it is getting bigger and bigger.”

Further in the statement, Min Byung-Doo said, “Let the government, the National Assembly and the blockchain association quickly create a working group to block fraud, speculation, money laundering and develop the block-chain industry.” However, he acknowledged the government’s reluctance to create the needed framework.

In September 2017, the Financial Services Commission in South Korea announced a ban on ICOs. The law has not yet been enacted.

Crypto Market Reaction

A lack of reaction has been observed for now, despite this determination to help further legitimize the digital currency market in South Korea. Crypto market developments in the country are always watched very carefully. This is given their large crypto market participation. It was reported in December 2017 that South Korea accounted for as much as 17% of all Ethereum trades occurring in cryptocurrency markets.

Market Reactions To South Korean Related News

Ripple (XRP) crashed in January, following CoinMarketCap’s decision to remove XRP price data from Korean exchange desks. As a result, this largely brought down the total average.

XRP/USD Coinmarketcap update triggered drop

On 11th January, Korean crypto exchange Coinrail was hacked, and over $40 million in tokens were stolen. Bitcoin initially dropped over 11% on this.

BTC/USD Coinrail hack triggered drop

One final example, UPbit, a South Korean exchange, was investigated by authorities for illicitly moving customer funds to the account of its executives. Bitcoin initially dropped over 7% on the news.

BTC/USD UPbit investigation triggered drop

Given the above, one should keep an eye on any developments coming out of South Korea for the foreseeable future.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.






Crypto Market Update: Japan’s Self-Regulatory Group (JVCEA) Readying Tighter Rules on Digital Assets

  • A group of cryptocurrency exchange operators in Japan is preparing to tighten up measures following a recent cyber breach.
  • The action follows a reported hack earlier in the month; cryptocurrency exchange Zaif lost an estimated $59.67 million.

Self-Regulatory Group Set To Tighten Rules

The Japan Virtual Currency Exchange Association (JVCEA) is exploring new rules to safeguard against cyber theft, including setting a cap on the amount of digital currencies managed online. This was reported by local news outlet the Japan Times, citing informed sources.

Informed sources detailed that the cap will likely be around 10 – 20% of customer deposits. The JVCEA is said to be revising its rules soon; they were originally drawn up in June following multiple cyber attacks. The revised rules will be implemented once they have been approved by the Financial Services Agency, as part of the payment services law process in the country.

The move was likely motivated in large part by the reported hack earlier in September. The Japanese start-up Tech Bureau said that its cryptocurrency exchange, known as Zaif, had been hacked. Losses were estimated at around $59.67 million of Bitcoin and two other digital currencies, Bitcoin Cash and Monacoin.

Market Reaction

No initial reaction was observed across the cryptocurrency market on this latest update coming out of Japan, as of Sunday 30th September. Despite this, however, it has not been uncommon over the past years and even months to see Japan and crypto sell-offs mentioned in the same sentence. This means volatility could be in store for digital assets in the short term.

Back in January of this year, the largest reported hack on a Japanese exchange took place with Coincheck losing $530 million worth of NEM in a coordinated attack. This incident massively spooked the market, and was a heavy contributor to the large sell-off in January. As we’ve observed over the past eight months, the market has yet to reclaim January’s peak (although this can’t be solely attributed to the theft). At the time, South Korea’s Attorney General had already spooked investors with FUD related to the possible banning of digital currencies in the country.

Against this backdrop, investors are advised to pay attention to Japan-related volatility.

BTC/USD weekly chart

Most recently, in the month of June, another sell-off was seen. This one came after Japan’s financial regulator ordered several cryptocurrency exchanges to improve their practices against money laundering. The action led bitFlyer — the country’s largest crypto exchange — to suspend new account creation. This was initiated to improve internal processes in order to curb money laundering and terrorist financing.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.






A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.
