Hot topics

Going elsewhere?

27.3 C
Singapore
27.1 C
Malaysia
34.3 C
Thailand
27.7 C
Philippines
25 C
Indonesia
14 C
Vietnam
36.1 C
Cambodia
36.4 C
Myanmar

Cybersecurity

ESET uncovers RansomHub links to rival gangs and highlights emerging EDR killer threats

ESET uncovers RansomHub’s links to rival gangs and reveals its custom EDR killer, signalling new threats in the ransomware landscape.

China-aligned hacker group FamousSparrow resurfaces in cyberattacks

ESET finds China-linked hacker group FamousSparrow still active with upgraded tools, targeting institutions in the US, Mexico and Honduras.

Global tech leaders to explore the future of enterprise at ATxEnterprise 2025

ATxEnterprise 2025 in Singapore will bring together global leaders to explore AI, cybersecurity, and the future of enterprise technology.

Most consumers now back up their data, but cloud storage limits push shift to hybrid solutions

87% of people now back up their data, but cloud limits and rising costs are driving a shift to hybrid storage solutions.

RedCurl group linked to new ransomware strain in first documented attack

Bitdefender uncovers RedCurl's first ransomware campaign, revealing QWCrypt's unique tactics and the group's evolving cyber threat model.

Marketing

Adobe: Redefining digital marketing in APAC through AI and privacy-first personalisation

Discover how Adobe helps APAC brands tackle data privacy, localise content, and embrace AI-driven marketing in a cookieless future.

Adobe introduces AI agents to Experience Cloud to improve customer experience delivery

Adobe unveils AI-powered features in Experience Cloud to help businesses deliver personalised customer journeys and better digital performance.

Adobe introduces new Firefly updates to streamline brand content production at scale

Adobe expands Firefly with video, 3D and GenStudio integration, helping brands scale on-brand content production with ease.

WeChat mini-game advertising sees 113% increase, creating new opportunities for developers

WeChat mini-game ads grew 113% in 2024, opening major growth chances for developers aiming to scale in China’s fast-moving mobile game market.

Duolingo’s Cybertruck stunt ‘kills’ mascot Duo, and users can’t get enough

Duolingo’s marketing stunt claims its mascot, Duo the Owl, was hit by a Cybertruck—boosting app engagement and sparking a viral campaign.

Southeast Asia

LinkedIn: How AI is reshaping hiring and workforce strategies in 2025

Discover how AI is transforming hiring and workforce strategies in 2025, from skills-based recruitment to internal mobility and continuous learning.

Kyberlife raises US$3 million to expand healthcare procurement in Southeast Asia

Singapore’s healthtech startup Kyberlife secures US$3 million to expand its digital procurement platform, streamlining healthcare supply chains in Southeast Asia.

ST Telemedia Global Data Centres gains NVIDIA AI certification to boost AI capabilities

ST Telemedia Global Data Centres has achieved certification under the NVIDIA DGX-Ready Data Center programme, boosting AI capabilities in Southeast Asia.

EduSpaze welcomes seven edtech startups in its 10th cohort to transform learning in Southeast Asia

EduSpaze welcomes seven edtech startups to its 10th cohort, focusing on AI-driven learning, job readiness, mental health, and workforce upskilling.

OPPO and Mobile Legends: Bang Bang launch biggest in-game event with 10,000 smartphones to be won

OPPO and MLBB launch their biggest in-game event, giving away 10,000 smartphones from 28 February to 1 April 2025.

Geek

Lego and Pokémon Company announce long-awaited collaboration

Lego has partnered with The Pokémon Company, and official Pokémon Lego sets will be available in stores in 2026.

Crunchyroll announces cinema release dates for Demon Slayer: Kimetsu no Yaiba Infinity Castle

Crunchyroll announces cinema release dates for Demon Slayer: Kimetsu no Yaiba Infinity Castle, starting 14 August 2025 in Singapore and Malaysia.

Aetherdrift brings high-speed action to Magic: The Gathering fans

MTG's Aetherdrift brings high-speed action, new mechanics, and exclusive collectibles in an epic multiverse race starting 7 February.

Crunchyroll and Sony partners unveil anime adaptation of Ghost of Tsushima: Legends

Crunchyroll, Aniplex, and Sony partners reveal Ghost of Tsushima: Legends anime adaptation, set for a 2027 release exclusively on Crunchyroll.

Evangelion store marks two decades with new merchandise and an anniversary fair

Celebrate 20 years of EVANGELION with exclusive merchandise and special gifts at the anniversary fair, only at the EVANGELION STORE.

Hot topics

Going elsewhere?

27.3 C
Singapore
27.1 C
Malaysia
34.3 C
Thailand
27.7 C
Philippines
25 C
Indonesia
14 C
Vietnam
36.1 C
Cambodia
36.4 C
Myanmar

Cybersecurity

ESET uncovers RansomHub links to rival gangs and highlights emerging EDR killer threats

ESET uncovers RansomHub’s links to rival gangs and reveals its custom EDR killer, signalling new threats in the ransomware landscape.

China-aligned hacker group FamousSparrow resurfaces in cyberattacks

ESET finds China-linked hacker group FamousSparrow still active with upgraded tools, targeting institutions in the US, Mexico and Honduras.

Global tech leaders to explore the future of enterprise at ATxEnterprise 2025

ATxEnterprise 2025 in Singapore will bring together global leaders to explore AI, cybersecurity, and the future of enterprise technology.

Most consumers now back up their data, but cloud storage limits push shift to hybrid solutions

87% of people now back up their data, but cloud limits and rising costs are driving a shift to hybrid storage solutions.

RedCurl group linked to new ransomware strain in first documented attack

Bitdefender uncovers RedCurl's first ransomware campaign, revealing QWCrypt's unique tactics and the group's evolving cyber threat model.

Marketing

Adobe: Redefining digital marketing in APAC through AI and privacy-first personalisation

Discover how Adobe helps APAC brands tackle data privacy, localise content, and embrace AI-driven marketing in a cookieless future.

Adobe introduces AI agents to Experience Cloud to improve customer experience delivery

Adobe unveils AI-powered features in Experience Cloud to help businesses deliver personalised customer journeys and better digital performance.

Adobe introduces new Firefly updates to streamline brand content production at scale

Adobe expands Firefly with video, 3D and GenStudio integration, helping brands scale on-brand content production with ease.

WeChat mini-game advertising sees 113% increase, creating new opportunities for developers

WeChat mini-game ads grew 113% in 2024, opening major growth chances for developers aiming to scale in China’s fast-moving mobile game market.

Duolingo’s Cybertruck stunt ‘kills’ mascot Duo, and users can’t get enough

Duolingo’s marketing stunt claims its mascot, Duo the Owl, was hit by a Cybertruck—boosting app engagement and sparking a viral campaign.

Southeast Asia

LinkedIn: How AI is reshaping hiring and workforce strategies in 2025

Discover how AI is transforming hiring and workforce strategies in 2025, from skills-based recruitment to internal mobility and continuous learning.

Kyberlife raises US$3 million to expand healthcare procurement in Southeast Asia

Singapore’s healthtech startup Kyberlife secures US$3 million to expand its digital procurement platform, streamlining healthcare supply chains in Southeast Asia.

ST Telemedia Global Data Centres gains NVIDIA AI certification to boost AI capabilities

ST Telemedia Global Data Centres has achieved certification under the NVIDIA DGX-Ready Data Center programme, boosting AI capabilities in Southeast Asia.

EduSpaze welcomes seven edtech startups in its 10th cohort to transform learning in Southeast Asia

EduSpaze welcomes seven edtech startups to its 10th cohort, focusing on AI-driven learning, job readiness, mental health, and workforce upskilling.

OPPO and Mobile Legends: Bang Bang launch biggest in-game event with 10,000 smartphones to be won

OPPO and MLBB launch their biggest in-game event, giving away 10,000 smartphones from 28 February to 1 April 2025.

Geek

Lego and Pokémon Company announce long-awaited collaboration

Lego has partnered with The Pokémon Company, and official Pokémon Lego sets will be available in stores in 2026.

Crunchyroll announces cinema release dates for Demon Slayer: Kimetsu no Yaiba Infinity Castle

Crunchyroll announces cinema release dates for Demon Slayer: Kimetsu no Yaiba Infinity Castle, starting 14 August 2025 in Singapore and Malaysia.

Aetherdrift brings high-speed action to Magic: The Gathering fans

MTG's Aetherdrift brings high-speed action, new mechanics, and exclusive collectibles in an epic multiverse race starting 7 February.

Crunchyroll and Sony partners unveil anime adaptation of Ghost of Tsushima: Legends

Crunchyroll, Aniplex, and Sony partners reveal Ghost of Tsushima: Legends anime adaptation, set for a 2027 release exclusively on Crunchyroll.

Evangelion store marks two decades with new merchandise and an anniversary fair

Celebrate 20 years of EVANGELION with exclusive merchandise and special gifts at the anniversary fair, only at the EVANGELION STORE.
Monday, 31 March 2025
27.3 C
Singapore
34.3 C
Thailand
25 C
Indonesia
27.7 C
Philippines

QR codes could bypass browser security tool: Here’s how

Learn how QR codes could bypass browser isolation security, allowing malware communication despite sandboxing. Find out the risks and limits.

Cybersecurity experts have uncovered a surprising new method to bypass an essential browser security feature, even when advanced measures protect the browser. Researchers at Mandiant have demonstrated how QR codes can be exploited to enable malware to communicate with its command-and-control (C2) servers, even when a browser operates in an isolated or sandboxed environment.

What is browser isolation?

Browser isolation is a modern cybersecurity method that safeguards users from web-borne threats. Instead of allowing code and scripts to execute directly on your device, your browser communicates with a remote browser located in a cloud environment or virtual machine. You only receive a visual representation of the web page while all code and commands are processed on the remote system.

This approach effectively creates a barrier between your device and malicious websites, functioning like browsing through the lens of a camera. While this has been a significant step in preventing cyberattacks, the new findings suggest that even this advanced method is not foolproof.

The loophole: How QR codes play a role

Mandiant researchers have discovered a way for C2 servers to interact with malware on an infected device, even when browser isolation is active. The key lies in QR codes. When malware is present on a device, it can analyse the pixels rendered on the screen. If these pixels form a QR code, the malware can decode and use the information to execute further actions.

Mandiant demonstrated this vulnerability using the latest version of Google Chrome to prove the concept. They employed Cobalt Strike’s External C2 feature, a popular penetration testing tool, to showcase how the malware could receive instructions via QR codes.

Limitations of this method

Despite its potential, this technique has significant limitations. QR codes can only transmit a small amount of data—up to 2,189 bytes. Additionally, the process suffers from a latency of about five seconds, making it unsuitable for transmitting large payloads or supporting complex actions like SOCKS proxying.

Further security measures, such as URL scanning or data loss prevention systems, could render this method ineffective. These tools can detect unusual activity or block QR code data streams before damage is done.

While this method may seem impractical for large-scale attacks, it could still be used in targeted, destructive malware campaigns. As a result, IT teams are being urged to remain vigilant. Special attention should be given to monitoring the flow of traffic, especially from headless browsers operating in automation mode, which attackers commonly use to exploit vulnerabilities.

This discovery underscores the evolving nature of cyber threats and highlights the need for continuous advancements in security measures.

Hot this week

Mobvista’s XMP and AdsPolar recognised as Meta AdTech Business Partners

Mobvista’s XMP and AdsPolar gain Meta AdTech Partner status, giving users early access to tools, insights, and expert campaign support.

How Chinese EVs are powering Southeast Asia’s ‘Green Revolution’?

Learn how Chinese EV makers are revolutionising Southeast Asia’s automotive market with innovative strategies, sustainable solutions, and rapid growth.

Canon unveils new cameras and lens to support content creators’ video needs

Canon unveils video-focused EOS R50 V, PowerShot V1, and power zoom lens to support creators with new filming and livestreaming features.

Google Assistant to be phased out on Waze for iPhone

Waze is removing Google Assistant from iPhones due to issues and plans to upgrade with improved voice integration, possibly using Gemini.

Intel remains on course for next-gen CPUs

Intel CEO Lip-Bu Tan confirms that next-gen CPUs, including Panther Lake and Nova Lake, remain on track, with Panther Lake arriving in 2025.

Samsung’s new AI fridges help find lost phones and control smart homes

Samsung's new AI-powered fridges can help you find lost phones and control smart home devices with voice commands, making life easier and more connected.

LinkedIn: How AI is reshaping hiring and workforce strategies in 2025

Discover how AI is transforming hiring and workforce strategies in 2025, from skills-based recruitment to internal mobility and continuous learning.

Fitbit users now have until 2026 to migrate to Google accounts

Fitbit users now have until February 2, 2026, to migrate their accounts to Google accounts or risk losing their data and service access.

Microsoft removes Windows 11 loophole for skipping account setup

Microsoft is blocking a well-known workaround that lets you set up Windows 11 without a Microsoft account, enforcing stricter installation rules.

Related Articles