Latest News Latest News

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products.

Read More...

Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first...

Read More...

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system.

Read More...

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.

Read More...

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection.

Read More...

Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible; Avast Online Security, AVG Online Security,Avast SafePrice and AVG SafePrice.

Read More...

Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data

Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts.

Read More...

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.

Read More...

Mysterious malware that re-installs itself infected over 45,000 Android Phones

Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices.

Read More...

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.

Read More...

Most Viewed News Most Viewed News

Back

Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible; Avast Online Security, AVG Online Security,Avast SafePrice and AVG SafePrice. Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history.

Most of you might not even remember downloading and installing these extensions on your web browser, and that's likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users' browsers.

Both online security extensions have been designed to warn users when they visit a malicious or phishing website; whereas, SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from various sites.

The malicious behaviour of Avast and AVG extensions was discovered almost a month ago by Wladimir Palant, who detailed how the extensions are sending a large amount of data about users' browsing habits, listed below, to the company's servers — "far beyond what's necessary for the extension to function."

What users' data is being sent to Avast?

  • Full URL of the page you are on, including query part and anchor data,
  • A unique user identifier (UID) generated by the extension for tracking,
  • Page title,
  •  Referrer URL,
  • How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link,
  • A value that tells whether you visited a page before,
  • Your country code
  • Browser name and its exact version number,
  • Your operating system and its exact version number

"Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier," Palant said.

Over this weekend, Palant reported his findings to both the browser makers, Mozilla, and Google, of which Mozilla took immediate action by temporarily removing the extensions from its Firefox Add-on store within 24 hours until Avast resolves the issue.

"This add-on violates Mozilla's add-on policy by collecting data without user disclosure or consent," Mozilla said.

Since Mozilla didn't blacklist the extensions altogether or automatically removed them from users' browsers, it should be noted that these extensions would remain active for existing users and continue spying on them.

On the other hand, all the four extensions are still available on the Google Chrome Web Store, but Palant believes they will be removed by the tech giant after "considerable news coverage."


Values Values

  • Trustworthiness
  • Innovation
  • Scientific
  • Democracy
  • Synergy
  • Saving