Welcome back to this week's Security Bulletins.
Let’s kick this week off with new releases from web browser giants Google Chrome and Mozilla Firefox. Google has released the stable version 78.0.3904.70 with some security updates and stability improvements. But the highlight of this release is that Chrome finally begins to support DNS over HTTPS (DoH) which has been supported by Mozilla for quite a while now. One key difference between the implementation of these two browsers is that Firefox forces you to use the Cloudflare DNS for DoH whereas Chrome first checks whether your DNS provider supports DoH if yes then it uses DoH with that provider. Mozilla has updated its Firefox browser to version 70.0 with improvements in social tracking protection and a breach notification feature which alerts you if the sites you are visiting have been compromised recently.
Sim swapping exploit has been kind of a hot weapon this year. Twitter's CEO Jack Dorsay being one of the high profile victims of this attack. These attack techniques are a very serious concern as most companies use SMS messages and phone calls as a second factor of authentication. Sim swapping attacks are used to impersonate users by adding a second phone under their account and thereby receive messages and phone calls that are intended for the victim. In response to these attacks, the Federal Trade Commission has come up with several guidelines on how to stay protected against these types of attacks, which includes protecting your cellular accounts with pin or password and to avoid the use of phone numbers as the second factor of authentication.
If you are concerned about your privacy, with all the companies monitoring your existence on the web for profit, you might have heard about the Tails operating the system. It is a privacy-focused Linux distribution that you can use with the live boot mode and thereby erasing all data each time you log out. It also comes with additional components such as the Tor browser and several cryptographic tools to aid in being anonymous online. They have now released version 4.0 with some much-awaited changes. First of all popular Open Source password manager KeePassX has been replaced with more actively developed KeePassXC. The Tor Browser has been upgraded to version 0.9.0 and the anonymous file-sharing application OnionShare has been upgraded to version 1.3.2 with some usability improvements.