Mar 2023
13m 35s

Files stolen from a sneaky SymStealer. [...

N2K Networks
About this episode

Ron Masas of Imperva discusses their research, "Google Chrome 'SymStealer' Vulnerability: How to Protect Your Files from Being Stolen." While reviewing how the browser handles file systems, specifically looking for common vulnerabilities in how browsers process symlinks, the Imperva Red Team discovered that files dropped onto a file input are handled differently.

Dubbing it CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." As a result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected.

The research can be found here:
