A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer. In-session phishing (pdf) gives the bad guys a solution to the biggest problem facing phishers these days: how to reach new victims. In a traditional phishing attack, the scammers send out millions of phoney e-mail messages disguised to look like they come from legitimate companies, such as banks or online payment companies.

Full Article