“Firefox will prevent websites from forcing users to directly save PDFs without opening them in the web browser window,” reports The Windows Club. “Mozilla is rolling out this feature to the masses with the stable release of Firefox 78.”
Right now, Mozilla has added this feature to Firefox 78 in the Nightly channel. The issue was first raised in 2011, and it…
Tag: HTTP
What’s new on Coursera for Business – April 2020
By Adam Lewis, Skills Transformation Consultant As we continue to adapt to the new norm, here are 114 new courses and projects to pick out what’s important to you. You can try out Yale’s latest insights on why your Facebook friend is wrong about the stats they’re sharing. Or find your purpose with Michigan’s course […]
The post What’s new on Coursera…
Stripe Is Silently Recording Your Movements On Its Customers’ Websites
Michael Lynch, blogger and former software engineer at Microsoft and Google, discovered that the payment processing platform Stripe and its official JavaScript library records all browsing activity on its customers’ websites and reports it back to the company. Lynch says this data includes the following: 1. Every URL the user visits on my site, including pages that never display Stripe payment…
A Hacker Found a Way To Take Over Any Apple Webcam
An anonymous reader quotes a report from Wired: Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target’s webcam and microphone on…
Microsoft Throttles Some Office 365 Services To Continue To Meet Demand
In response to high demand as a result of the COVID-19 coronavirus pandemic, Microsoft has started taking action to preserve overall performance by throttling some services. ZDNet reports: On March 16, Microsoft posted to Microsoft 365/Office 365 admin dashboardds a warning about “temporary feature adjustments” that it might take. That warning told customers that Microsoft was “making temporary adjustments to select…
Ghostcat Bug Impacts All Apache Tomcat Versions Released in the Last 13 Years
Apache Tomcat servers released in the last 13 years are vulnerable to a bug named Ghostcat that can allow hackers to take over unpatched systems. From a report: Discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol. AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary…
Cisco Warns: Patch This Critical Firewall Bug in Firepower Management Center
“Cisco is urging customers to update its Firepower Management Center software,” ZDNet reported Thursday, “after users informed it of a critical bug that attackers could exploit over the internet.” Like many Cisco bugs, the flaw was found in the web-based management interface of its software. The bug has a severity rating of 9.8 out of a possible 10 and means admins…
Unpatched Citrix Vulnerability Now Exploited, Patch Weeks Away
An anonymous reader quotes a report from Ars Technica: On December 16, 2019, Citrix revealed a vulnerability in the company’s Application Delivery Controller and Gateway products — commercial virtual-private-network gateways formerly marketed as NetScaler and used by tens of thousands of companies. The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker direct access to the local networks…
Russian Malware ‘Patches’ Chrome and Firefox To Fingerprint TLS Traffic
An anonymous reader quotes ZDNet: A Russian cyber-espionage hacker group has been spotted using a novel technique that involves patching locally installed browsers like Chrome and Firefox in order to modify the browsers’ internal components. The end goal of these modifications is to alter the way the two browsers set up HTTPS connections, and add a per-victim fingerprint for the TLS-encrypted…
Chrome Promises ‘No More Mixed Messages About HTTPS ‘
“Today we’re announcing that Chrome will gradually start ensuring that https:// pages can only load secure https:// subresources,” promises an announcement on the Chromium blog. It notes that Chrome users already make HTTPS connections for more than 90% of their browsing time, and “we’re now turning our attention to making sure that HTTPS configurations across the web are secure and up-to-date.”…