Enlarge (credit: Getty Images )

An ongoing malware campaign is blasting the Internet with malware that neuters the security of Web browsers, adds malicious browser extensions, and makes other changes to users’ computers, Microsoft said on Thursday.

Adrozek, as the software maker has dubbed the malware family, relies on a sprawling distribution network comprising 159 unique domains with each one hosting an average of 17,300 unique URLs. The URLs, in turn, host an average of 15,300 unique malware samples. The campaign began no later than May and hit a peak in August, when the malware was observed on 30,000 devices per day.

Not your father’s affiliate scam

The attack works against the Chrome, Firefox, Edge, and Yandex browsers, and it remains ongoing. The end goal for now is to inject ads into search results so the attackers can collect fees from affiliates. While these types of campaigns are common and represent less of a threat than many types of malware, Adrozek stands out because of malicious modifications it makes to security settings and other malicious actions it performs.

Enlarge (credit: Getty Images)

Brave Software, maker of the Brave Web browser, is introducing a news reader that’s designed to protect user privacy by preventing parties—both internal and third party—from tracking the sites, articles, and story topics people view.

Brave Today, as the service is called, is using technology that the company says sets it apart from news services offered by Google and Facebook. It’s designed to deliver personalized news feeds in a way that leaves no trail for Brave, ISPs, and third parties to track. The new service is part of Brave’s strategy of differentiating its browser as more privacy-friendly than its competitors'.

Key to Brave Today is a new content delivery network the company is unveiling. Typically, news services use a single CDN to cache content and then serve it to users. This allows the CDN or the service using it to see both the IP address and news feed of each user, and over time, that data can help services build detailed profiles of a person’s interests.

Enlarge (credit: Global Privacy Control )

Anyone who remembers Do Not Track—the initiative that was supposed to allow browser users to reclaim their privacy on the Web—knows it was a failure. Not only did websites ignore it, using it arguably made people less private because it made them stick out. Now, privacy advocates are back with a new specification, and this time they’ve brought the lawyers.

Under the hood, the specification, known as Global Privacy Control, works pretty much the same way Do Not Track did. A small HTTP header informs sites that a visitor doesn’t want their data sold. The big difference this time is the enactment of the Consumer Privacy Act in California and, possibly, the General Data Protection Regulation in Europe, both of which give consumers broad rights over how their private information can be used.

At the moment, California residents who don’t want websites to sell their data must register their choice with each site, often each time they visit it. That’s annoying and time-consuming. But the California law specifically contemplates “user-enabled global privacy controls, such as a browser plug-in or privacy setting,” that signal the choice. That’s what the Global Privacy Control—or GPG—does.

Enlarge / Photo illustration by Jakub Porzycki/NurPhoto via Getty Images (credit: Getty Images)

A US senator is calling on the Department of Homeland Security’s cybersecurity arm to assess the threat posed by browser extensions made in countries known to conduct espionage against the US.

“I am concerned that the use by millions of Americans of foreign-controlled browser extensions could threaten US national security,” Senator Ron Wyden, a Democrat from Oregon, wrote in a letter to Christopher Krebs, director of the DHS’ Cybersecurity and Infrastructure Security Agency. “I am concerned that these browser extensions could enable foreign governments to conduct surveillance of Americans.”

Also known as plugins and add-ons, extensions give browsers functionality not otherwise available. Ad blockers, language translators, HTTPS enforcers, grammar checkers, and cursor enhancers are just a few examples of legitimate extensions that can be downloaded either from browser-operated repositories or third-party websites.

• 

  Launching IE in Windows 10 immediate brings up a page suggesting Edge. [credit: Samuel Axon ]

Microsoft 365 apps will end support for Internet Explorer 11 by the end of 2021, Microsoft announced in a company blog post this week. It's a big step from the company, which is looking to move customers to its more modern Edge browser even as some enterprises are stuck on legacy systems running Internet Explorer (IE).

The change will begin with Microsoft Teams Web application, which will end IE support on November 30 of this year. Microsoft 365 applications will follow by August 17, 2021. Here's how Microsoft explained the 365 changes in its blog post:

Customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.

That said, Redmond was careful to clarify that IE 11 is not going away. Many enterprises have proprietary Web applications that only work on that browser and are unlikely to drop it entirely in the immediate future.