New Tabbed Browsing Phishing Attack Exploits User Trust

A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be used for highly targeted attacks against customers of a specific bank, Webmail service or credit-card company.

New Phishing Attack Exploits Tabbed Browsing

In this video, Aza Raskin of Mozilla demonstrates a new class of phishing attack in which the attacker is able to use malicious code in one browser tab to completely change the content in another tab on a victim’s browser.

Nearly one-third of all identity theft victims say they are unable to completely clear up damaged credit or criminal records in the aftermath of their identities being abused. But the good news is they’re spending much less time and money cleaning up the fraud perpetrated against them in their names, according to a newly released report. Read the full article. [Dark Reading]

After more than two years, Apple’s Safari browser for Macs remains vulnerable to attacks that allow websites to litter a user’s hard drive with thousands of malicious files. The “carpet bomb” vulnerability was publicly disclosed in May 2008 after members of Apple’s security team said they didn’t consider the quirk a security issue. Read the full article. [The Register]

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates. Read the full article. [Computerworld]

This was an amazingly busy news week in the security world, with a lot of major stories competing for your attention: Microsoft sharing pre-patch vulnerability data with foreign governments, IBM handing out certified pre-owned USB keys, Google spying on Wi-Fi users. If you missed anything, never fear, we’ve got a quick review of what matters from the last week. Read on.

Two developers have refined techniques for rummaging through browser histories to the extent that web sites can now find out what articles a user has recently read on news sites, their exact postcode and which search terms they have entered into search engines. Read the full article. [The H Security]
