Ransomware evolves with crypto-currency, Microsoft Edge intelligently pauses flash, Firefox add-ons vulnerable to new attack, Vivaldi 1.0 released, and mainstream media doesn’t understand eSports.
Ransomware Evolution is Really Bad News
There’s a new breed of ransomware doing the rounds, and it’s creating havoc for businesses. Mostly these incidents have begun when a hapless employee has done something they do every day, and have wound up carelessly clicking a dodgy email attachment or similar. But while this used to be the start of a long-term plot from the hackers, crypto-currency is turning this into a quick payday for them.
Just recently, 10 hospitals in Maryland operated without access to their central network because their domain servers were locked by a ransomware known as Samsam. Despite these exploits being years old, millions of businesses are still vulnerable to the JBoss application server exploit used by the Samsam attackers, so quick crypto-ransomware attacks such as this are becoming more popular by the day.
The problem lies in the fact that with crypto-currency as a payment form there is little chance of being tracked down by law enforcement. So, rather than slowly search systems for sensitive data, hackers now prefer to take the quick payout.
Microsoft Edge Will Intelligently Pause Flash
The next release of Microsoft Edge is going to be able to pause non-essential flash elements in your browser. What this means is that peripheral content like flash advertisements and animations will be paused until activated with a click, allowing the primary content to load faster, and improve the performance of the browser. This is already available in other leading browsers such as Chrome and Safari.
John Hazen, Principal Program Manager Lead of Microsoft Edge says the update is due with the Anniversary Windows 10 edition, but that Windows Insiders can preview the feature from Windows 10 build 14316.
“Users experience improved battery life when sites use efficient web standards, lowering both memory and CPU demands. Developers benefit as they are able to create sites that work across all browsers and devices, including mobile devices where Flash may not be available.” — John Hazen
Firefox Add-ons Vulnerable to New Attack
A presentation to the Black Hat security conference has revealed that add-ons like NoScript actually leave millions of Firefox users at risk of an attack that could steal sensitive data and execute malicious code. The potential for attack is made possible by Firefox’s lack of isolation of add-ons, but essentially relies on users installing a malicious version of the add-on in the first place.
“These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks.” — CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
Many of the most popular Firefox add-ons contain these exploitable vulnerabilities, meaning that a malicious version of the add-on could remain undetected. The paper explains that this is a new class of attack exploiting extension-reuse vulnerabilities. Read the full paper on this Firefox exploit for more detail.
Vivaldi Reaches 1.0
Vivaldi is designed to be a browser for power users, full of features and personalization options. Some of its most popular tools include:
- Tab stacks & tab stack tiling
- Sessions & notes
- Speed Dial
CEO of Vivaldi, Jon von Tetzchner, says the browser is a modern classic, which has been designed to help users get the most out of their browser.
“Millions of people have already agreed that they want a better browser, one that puts them in control. Everything we build is in service of the user. We have no investors and their agendas to dictate our progress. There’s no exit strategy and we’re here to stay. All we want to do is give people a browser they’re proud to use and that we’re proud to call Vivaldi.” — Jon von Tetzchner
The Media Learns of eSports
And finally, we get to see how traditional media react to the idea of eSports. In a nutshell, they don’t get it. At all. Well, until the issue of prize money comes up — then they can’t wait to get involved!
Would you call the eSport elites athletes? Do you look up to them or think they are a little obsessed? Tell us!
Your Views on Today’s Tech News
Let us know your thoughts on the Tech News of the day by posting to the comments section below. Because a healthy discussion is always welcome.
Tech News Digest is a daily column paring the technology news of the day down into bite-sized chunks that are easy to read and perfect for sharing.
Image Credit: Zach Copley via Flickr