Information Technology

Kyle Kucharski/ZDNETGoogle Chrome users who want to stay safe and secure will want to update their browser to the latest version. That’s because it contains a fix for a critical vulnerability that could cause Chrome to crash or even infect your system or device with malware.On Wednesday, Google released Chrome version 134.0.6998.117/.118 for Windows and Mac and 134.0.6998.117 for Linux. Rolling out over the next few days and weeks, this version offers several security fixes. But the patch for the critical vulnerability is the most important one.Also: I’ve tried nearly every browser out there and these are my top 6 (none are Chrome)As described in the NIST vulnerability database, CVE-2025-2476 points to “Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” And what does that mean in layman’s terms? Let’s break it down.”Use after free” is a type of memory corruption in which a program continues to use a block of memory even after it’s been freed. Lens in Google Chrome refers to the Google Lens tool that can search for and identify items you spot through your phone’s camera.”Heap corruption” means that someone could exploit data stored in the block of memory. And “a crafted HTML page” — in this instance — is a web page custom-designed for malicious purposes. Put them together, and any previous version of Chrome is susceptible to web pages created by attackers that would take advantage of corrupted memory to infect your PC with malware.Here’s a clever way to visualize this type of flaw. More

ZDNETAs a Google Maps user, I tend to assume that the listings I find in a search are real and legitimate. But that assumption could get me in trouble.Google recently discovered more than 10,000 phony listings in Google Maps, CBS News reported on Wednesday. The listings ran the gamut from blatantly fake businesses to legitimate accounts that had been hacked or hijacked by cybercriminals. In response, Google removed the listings and has filed a lawsuit against the alleged scammers behind them. The old bait-and-switch tacticIn an interview with CBS Mornings, Google General Counsel Halimah DeLaine Prado explained how one complaint uncovered a much wider plot. The probe started after a Texas business complained to Google that an unlicensed locksmith was impersonating them on Google Maps. In this hacked listing, the scammers replaced the existing phone number with a number of their own. Any person calling the new number would have been directed to a different locksmith who might have charged the consumer an exorbitant fee to fix a lock. This one incident led Google to ultimately discover a much greater number of fake listings. Also: 6 Google Maps tricks to tryRelying on the old bait-and-switch tactic, the particular scam was also successful because it targeted people in “duress verticals.” In these, the customer is usually in a vulnerable or urgent situation, such as being locked out of their home. The scammers count on this urgency to trick their victims, who may not realize they’re being scammed until it’s too late. “Online profiles are extremely valuable to businesses as well as consumers,” Prado said in the CBS interview. “Small and medium businesses use those listings for word of mouth and discoverability. Consumers use the reviews for those listings to make decisions on what service to use or not to use. A fake profile and a fake review undermine the trust you have in that ecosystem.” More

ZDNETOn March 14, 2025, a root certificate used to verify signed content and add-ons for Firefox and other Mozilla projects expired (note that Thunderbird does not do content verification, so that app will be unaffected). The expiration of this certificate will cause problems for Firefox users unless they update to version 128 (or ESR 115.13+). This includes versions for Linux, MacOS, Windows, Android, and iOS — in other words, all platforms.Also: I’ve tried nearly every browser out there and these are my top 6 (none are Chrome)Without updating, all features that rely on remote updates will cease to function, all add-ons will be automatically disabled, and DRM-protected content will stop playing. In addition, all systems dependent on content verification could stop functioning as expected.The web browser will continue to work, but much of what you do with it will be broken. Also: The Firefox I loved is gone – how to protect your privacy on it nowThis means every Firefox user around the world must update to the latest version; otherwise, they’ll find out the hard way that this upgrade isn’t optional. What is a root certificate? A root certificate is used to verify the authenticity of websites, add-ons, and software updates. Without a root certificate in place, your browser cannot verify these items, and you could wind up with malicious software on your hands.Root certificates are crucial for the following reasons: Top-level validation: When a website or application requests a digital certificate from an intermediate certificate authority, it can be validated by checking the signature against the root certificate.Trusted certificates: When you visit a website, your browser checks that each certificate in the chain is signed by a trusted root certificate.Security chain: Every certificate has an issuer that points to a certificate higher in the hierarchy, which forms a chain of trust from the website back to the root certificate. More

ZDNETMicrosoft’s Remote Desktop Protocol is a handy method for signing in to and controlling remote PCs and servers, especially for hybrid workers. But RDP is also an inviting target for cybercriminals looking to gain access to an organization’s network and other critical resources. That’s why using a strong and complex password for remote desktop accounts is vital. Unfortunately, this is an area where many people and companies fall short.Also: Hackers stole this engineer’s 1Password database. Could it happen to you?In a report released Tuesday, password security provider Specops revealed the top 10 most common passwords attackers use to exploit RDP connections. In total, more than 1 billion stolen passwords captured by cybercriminals in 2024 were included in the analysis. The results show that many people ignore standard best practices when creating passwords, even for important systems. Organizations that monitor their RDP servers have found hundreds or even thousands of failed login attempts from hackers, bots, ransomware gangs, and more. Once they find an open and exposed RDP port, attackers use brute force to try a large number of username and password combinations to gain access. The simpler the password, the quicker the attacker can gain and exploit access. Which passwords were the worst offenders?To little or no surprise, 123456 was the most common password stolen by malicious attacks. This indicates that many people are still turning to “keyboard walks” — passwords created by typing a string of adjacent keys on the keyboard.In second place was 1234, presumably chosen by people who couldnt be bothered to add the 5 and 6. Next up was Password1, followed by 12345.Also: How AI agents help hackers steal your confidential data – and what to do about itIn the fifth spot was P@sswOrd, suggesting that some people knew enough to add a special character, albeit to a still weak password. However, P@sswOrd may be popular because it meets the standard requirements of eight characters, one capital letter, one number, and one special character, according to Specops.Rounding out the list were password, Password123, Welcome1, 12345678, and Aa123456. The addition of Welcome1 could signal that many employees are given such weak temporary passwords to start but arent forced to change them. Otherwise, most of the top 10 used either a string of common numbers or some variation of the word password. More

Kerry Wan/ZDNETI love March Madness, at least when my team is invited to the Big Dance. I even enjoy watching other teams play their hearts out like everything is on the line — because it is. While NCAA basketball continues to be broadcast in standard HD, the games can look clear, bright, and beautiful on most modern TVs. Part of that appeal, though, is owed to your TV’s motion-smoothing capabilities. Also: How to watch March Madness 2025: The best streaming optionsFor many people, motion smoothing is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.” It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts. More

ZDNETGenerative AI has stirred up as many conflicts as it has innovations — especially when it comes to security infrastructure.Enterprise security provider Cato Networks says it has discovered a new way to manipulate AI chatbots. On Tuesday, the company published its 2025 Cato CTRL Threat Report, which showed how a researcher — who Cato clarifies had “no prior malware coding experience” — was able to trick models, including DeepSeek R1 and V3, Microsoft Copilot, and OpenAI’s GPT-4o, into creating “fully functional” Chrome infostealers, or malware that steals saved login information from Chrome. This can include passwords, financial information, and other sensitive details. Also: This new tool lets you see how much of your data is exposed online – and it’s free”The researcher created a detailed fictional world where each gen AI tool played roles — with assigned tasks and challenges,” Cato’s accompanying release explains. “Through this narrative engineering, the researcher bypassed the security controls and effectively normalized restricted operations.” More

SEAN GLADWELL/Getty Images Like many people, cybercriminals are using artificial intelligence to help them work faster, easier, and smarter. With automated bots, account takeovers, and social engineering, a savvy scammer knows how to enhance their usual tactics with an AI spin. A new report from Gartner shows how this is playing out now and how […] More

Kerry Wan/ZDNETI love March Madness, at least when my team is invited to the Big Dance. I even enjoy watching other teams play their hearts out like everything is on the line — because it is. While NCAA basketball continues to be broadcast in standard HD, the games can look clear, bright, and beautiful on most modern TVs. Part of that appeal, though, is owed to your TV’s motion-smoothing capabilities. Also: How to watch March Madness 2025: The best streaming optionsFor many people, motion smoothing is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.” It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts. More