
Trump's Tariff War: China Urges Immediate Repeal of Tariffs Amid Countermeasures
Section: News
In a significant security breach, researchers have identified 33 malicious browser extensions available on the Google Chrome Web Store, impacting around 2.6 million devices. These extensions have been operating covertly for months, gathering sensitive data, including user credentials and browsing history.
The alarming discovery was made by Cyberhaven, a data loss prevention service, which found that one of its extensions had been compromised. The malicious version of the extension was active for only 31 hours over the holiday period, from December 25 to December 26, 2024. Users who had the extension running during this time were automatically updated to the compromised version, which was designed to harvest sensitive information.
The breach originated from a spear phishing email sent to the developers of the Cyberhaven extension, warning them of compliance issues with Google's policies. This email included a link that provided an attacker with permission to upload new versions of the extension to the Chrome Web Store. This led to the deployment of version 24.10.4, which was found to collect browser cookies and authentication credentials from users.
As the situation unfolded, it became clear that the attack was not an isolated incident. Other extensions were similarly affected, with at least 19 additional extensions identified as part of the same campaign. Collectively, these extensions had garnered about 1.46 million downloads. Security experts noted that such incidents highlight the ongoing vulnerabilities associated with browser extensions, which are often overlooked in broader cybersecurity strategies.
One of the targeted extensions, Reader Mode, had been compromised in two separate campaigns. An analysis revealed that it utilized a code library that developers often integrate to monetize their extensions, inadvertently enabling data collection on user activity. A total of 13 Chrome extensions were linked to this data collection library, with a combined installation total of 1.14 million.
Experts emphasize that managing browser extensions is frequently deprioritized in organizational security programs. The recent incidents serve as a reminder of the potential dangers posed by seemingly benign browser add-ons, which can become conduits for malicious activities.
In response to the breaches, organizations are advised to take proactive measures. Implementing a browser asset management list can help control which extensions are permitted to run, though it is critical to ensure that only trusted versions are allowed. Users who have installed any of the compromised extensions should consider changing their passwords and reviewing their authentication credentials to mitigate potential risks.
As the landscape of cybersecurity continues to evolve, incidents such as this highlight the importance of vigilance and robust security measures in an increasingly digital world.
Section: News
Section: News
Section: Health
Section: News
Section: News
Section: Travel
Section: News
Section: News
Section: Politics
Section: Arts
Health Insurance in Germany is compulsory and sometimes complicated, not to mention expensive. As an expat, you are required to navigate this landscape within weeks of arriving, so check our FAQ on PKV. For our guide on resources and access to agents who can give you a competitive quote, try our PKV Cost comparison tool.
Germany is famous for its medical expertise and extensive number of hospitals and clinics. See this comprehensive directory of hospitals and clinics across the country, complete with links to their websites, addresses, contact info, and specializations/services.
Experience the extraordinary talent of Evgeny Kissin, a pianist who seamlessly merges with the music, producing a sound that resonates with raw power. Renowned as a genius pianist and a virtuosic musician, Kissin embodies the captivating union of the artist with his instrument, showcasing the...
No comments yet. Be the first to comment!