Mar 2023
13m 35s

Files stolen from a sneaky SymStealer. [...

N2K Networks
About this episode

Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, and specifically searching for common vulnerabilities in how browsers process symlinks, the Imperva Red Team discovered that files dropped onto a file input are handled differently.

Dubbed CVE-2022-40764, the vulnerability the researchers found "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." As a result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected.

The research can be found here:
