fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chrome 86 Rolls Out With Massive User Security Enhancements

Chrome 86 Rolls Out With Massive User Security Enhancements

Google has released Chrome 86 today, October 6th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers.

Chrome 86 brings many security enhancements to both desktop and mobile users in the form of increased password security, protection from insecure downloads and form submissions, and biometric protection when auto-filling saved passwords.

With Chrome 86 now promoted to the Stable channel, Chrome 87 is the new Beta version, and Chrome 88 will be the Canary version.

Windows, Mac, and Linux desktop users can upgrade to Chrome 86 by going to Settings -> Help -> About Google Chrome. The browser will then automatically check for the new update and install it when available.

Chrome gets .well-known/change-password support

Last month, BleepingComputer reported that Google Chrome was adding support for the ‘.well-known/change-password’ file to make it easier to reset breached passwords.

When Chrome performs a password checkup of saved login credentials, if any passwords are involved in data breaches, it will prompt the user to change their password, as shown below.

Chrome Check Password
Chrome Check Password

When clicking on ‘Change password,’ Chrome will connect to a sites ‘.well-known/change-password’ file, which should automatically redirect the user to the site’s password protection page.

If the site does not support the change-password file, it will instead redirect the user to the site’s homepage.

Increased security on Android and iOS

In Google Chrome 83, Google rolled out a new feature called ‘Safety Check’ that performs a checkup of the browser and saved data to ensure it is secure and not compromised.

With the release of Chrome 86 Mobile, Google is enabling this feature in the mobile browser, as shown below.

Chrome Mobile Safety Check
Chrome Mobile Safety Check

In May, Google rolled out an Enhanced Safe Browser for Desktop users, and they are now rolling it to out to Android.

With this feature enabled, Chrome for Android users will get real-time protection when browsing the web and downloading files. This increased security is enabled by Chrome sharing additional information with Google Safe Browsing in real-time to check URLs for malicious activity.

Google states with the predictive phishing protections included in Enhanced Safe Browsing, there has been a dramatic drop in users falling for phishing scams.

“Among our users who have enabled checking websites and downloads in real time, our predictive phishing protections see a roughly 20% drop in users typing their passwords into phishing sites,” Google stated.

iOS users also get a security boost with Chrome 86 with the addition of biometric authentication when auto-filling saved passwords into login forms.

“To improve security on iOS too, we’re introducing a biometric authentication step before Autofilling passwords. On iOS, you’ll now be able to authenticate using Face ID, Touch ID, or their phone passcode,” Google announced today.

Google now blocks mixed content downloads

For some time, Google has been slowly blocking mixed-content information transmitted over Google Chrome.

Mixed content is when files or data are delivered over an insecure HTTP connection when first initiated from HTTPS websites.

With the release of Chrome 86, Google now blocks mixed content downloads for executables and archives. This includes .exe, .apk, .zip, .iso, etc.

If you attempt to initiate a download delivered over insecure HTTP connection when they are first initiated from HTTPS websites, you will see a warning stating “[executable].exe can’t be downloaded securely.”

Also Read: Contract For Service Template: 5 Important Sections

Blocked mixed content download
Blocked mixed content download

You can test this feature yourself, using this proof of concept page hosted at BleepingComputer.com.

Additionally, Google Chrome 86 will now warn users when they submit insecure mixed content forms that the connection is not completely secure. Chrome will then provide the option to continue submitting the data or go back to the page you were on.

Mixed content form warning

Security vulnerabilities fixed

The Chrome 86 release also includes numerous patches for security vulnerabilities.

The list of vulnerabilities has not been published yet, and this article will be updated when it is released.

Experimental features added in Chrome 86

Google also added new flags to Chrome 86 that allow you to test experimental features, such as the ability to edit saved passwords, disable autofill in mixed-content forms, and view AVIF images.

The new features added in this build are:

Edit passwords in settings  – Enables password editing in settings

Disable autofill for mixed forms – If enabled, autofill is not allowed for mixed forms (forms on HTTPS sites that submit over HTTP), and a warning bubble will be shown instead. Autofill for passwords is not affected by this setting. – Mac, Windows, Linux, Chrome OS, Android

Mixed forms interstitial – When enabled, a full-page interstitial warning is shown when a mixed content form (a form on an HTTPS site that submits over HTTP) is submitted.

Enable Incognito Desktop Shortcut – Enables users to create a desktop shortcut for incognito mode.

H.264 Decoder Buffer Is Complete Frame – H.264 decoder will treat each DecoderBuffer as a complete frame. Defaults to enabled.

Content settings page redesign – Enables a new content settings page UI.

Enable AVIF image format – Adds image decoding support for the AVIF image format.

Chrome 86 users can test these features by going to chrome://flags in the address bar and search for the above descriptions.

Also Read: Top 5 Importance Of Website Maintenance Singapore

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us