Hackernoon


Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials

  • SquareX discovered a Fullscreen BitM attack targeting Safari users, exploiting Fullscreen API vulnerabilities to steal credentials.
  • BitM attacks involve tricking victims by displaying genuine login pages in a pop-up window to steal sensitive information.
  • SquareX's research exposed a major Safari-specific flaw in the Fullscreen API, allowing for more convincing attacks.
  • Safari users are at higher risk because there is no clear visual indication when the browser enters fullscreen mode.
  • Using the Fullscreen API in combination with BitM enables attackers to create convincing fake login pages.
  • Other browsers like Firefox and Chrome have subtle notifications for fullscreen mode, while Safari lacks this feature.
  • Existing security solutions struggle to detect Fullscreen BitM attacks due to architectural limitations.
  • Security researchers advise enterprises to update defense strategies against advanced browser attacks.
  • SquareX's Browser Detection and Response tool helps organizations detect and mitigate web-based threats effectively.
  • The Fullscreen BitM Attack disclosure is part of a series focusing on browser security by SquareX's research team.
