Data Security - Security Boulevard https://securityboulevard.com/category/blogs/data-security/ The Home of the Security Bloggers Network

Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’ https://securityboulevard.com/2024/11/interpol-african-nations-arrest-1006-in-sweeping-operation-serengeti/ Wed, 27 Nov 2024 19:28:48 +0000 https://securityboulevard.com/?p=2037657 Interpol Operation Synergia ransomware phishing

Interpol led 19 African countries in a massive anti-cybercriminal effort dubbed "Operation Serengeti" that shut down a range of scams and attacks that bled $193 million from 35,000 victims. More than 1,000 people were arrested and more than 134,000 malicious infrastructures shut down.

The post Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’ appeared first on Security Boulevard.

Supply Chain Ransomware Attack Hits Starbucks, UK Grocers https://securityboulevard.com/2024/11/supply-chain-ransomware-attack-hits-starbucks-uk-grocers/ Tue, 26 Nov 2024 15:37:56 +0000 https://securityboulevard.com/?p=2037607 supply, chain, Blue Yonder, secure, Checkmarx Abnormal Security cyberattack supply chain cybersecurity

Coffee store giant Starbucks was among other organizations affected by a ransomware attack this month on cloud managed service provider Blue Yonder, a Panasonic subsidiary that has more than 3,000 customers. Two UK grocery chains also were impacted.

The post Supply Chain Ransomware Attack Hits Starbucks, UK Grocers appeared first on Security Boulevard.

QNAP’s Buggy Security Fix Causes Chaos https://securityboulevard.com/2024/11/qnap-bad-patch-richixbw/ Tue, 26 Nov 2024 14:54:57 +0000 https://securityboulevard.com/?p=2037597 Three tiny people cleaning the inside of a hard drive

RAID FAIL: NAS Maker does a CrowdStrike—cleanup on /dev/dsk/c1t2d3s4 please

The post QNAP’s Buggy Security Fix Causes Chaos appeared first on Security Boulevard.

Privileged Account Security in Active Directory https://securityboulevard.com/2024/11/privileged-account-security-in-active-directory/ https://securityboulevard.com/2024/11/privileged-account-security-in-active-directory/#respond Mon, 25 Nov 2024 16:01:03 +0000 https://www.enzoic.com/?p=83724 Privileged accounts in Active Directory (AD) are the keys to your organization’s most sensitive systems, data, and administrative tools. These accounts play an essential role in managing access and keeping things running smoothly, but they also come with significant security risks if not properly managed. Why Privileged Account Security in Active Directory Matters Access to […]

The post Privileged Account Security in Active Directory appeared first on Security Boulevard.

Understanding Privileged Access Management (PAM): A Comprehensive Guide https://securityboulevard.com/2024/11/understanding-privileged-access-management-pam-a-comprehensive-guide/ https://securityboulevard.com/2024/11/understanding-privileged-access-management-pam-a-comprehensive-guide/#respond Mon, 25 Nov 2024 15:29:49 +0000 http://securityboulevard.com/?guid=362f818e5afc4e3d530d792f818cca44 Privileged Access Management (PAM) is crucial in today's threat landscape. This guide explores what PAM is, why it's essential for your organization, and how it safeguards against unauthorized access. Learn about best practices and key features to strengthen your security posture.

The post Understanding Privileged Access Management (PAM): A Comprehensive Guide appeared first on Security Boulevard.

Huge Leak of Customer Data Includes Military Personnel Info https://securityboulevard.com/2024/11/huge-leak-of-customer-data-includes-military-personnel-info/ Mon, 25 Nov 2024 15:07:01 +0000 https://securityboulevard.com/?p=2037509 military

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The company, based in California, also has links to China, Cybernews researchers wrote.

The post Huge Leak of Customer Data Includes Military Personnel Info appeared first on Security Boulevard.

Stay Safe Online This Black Friday: Protect Your Digital Security While Scoring the Best Deals https://securityboulevard.com/2024/11/stay-safe-online-this-black-friday-protect-your-digital-security-while-scoring-the-best-deals/ https://securityboulevard.com/2024/11/stay-safe-online-this-black-friday-protect-your-digital-security-while-scoring-the-best-deals/#respond Mon, 25 Nov 2024 13:15:11 +0000 https://blackcloak.io/?p=18027 ‘Tis the week of Black Friday deals, where the excitement of snagging those incredible deals can sometimes overshadow the importance of staying safe online. With cybercriminals on the prowl, it’s crucial to take steps to protect your digital security while shopping. Here are some tips to help you stay safe and secure during this shopping […]

The post Stay Safe Online This Black Friday: Protect Your Digital Security While Scoring the Best Deals appeared first on BlackCloak | Protect Your Digital Life™.

The post Stay Safe Online This Black Friday: Protect Your Digital Security While Scoring the Best Deals appeared first on Security Boulevard.

The Cyberthreats from China are Ongoing: U.S. Officials https://securityboulevard.com/2024/11/the-cyberthreats-from-china-are-ongoing-u-s-officials/ Mon, 25 Nov 2024 12:32:00 +0000 https://securityboulevard.com/?p=2037480 China, threats, scams, CISA TP-Link Volt Typhoon Salt Typhoon

U.S. officials are pushing back at the ongoing threats posed by Chinese state-sponsored hackers like Volt Typhoon and Salt Typhoon, which have infiltrated critical infrastructure organizations to steal information and preposition themselves in case of a conflict breaking out between the two countries.

The post The Cyberthreats from China are Ongoing: U.S. Officials appeared first on Security Boulevard.

Deepfake Fraud, Data Brokers Tracking Military Personnel https://securityboulevard.com/2024/11/deepfake-fraud-data-brokers-tracking-military-personnel/ https://securityboulevard.com/2024/11/deepfake-fraud-data-brokers-tracking-military-personnel/#respond Mon, 25 Nov 2024 05:00:33 +0000 https://sharedsecurity.net/?p=101974 In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue […]

The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast.

The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Security Boulevard.

The Hidden Dangers of Browser Extensions: Where Google’s MV3 Still Fall Short https://securityboulevard.com/2024/11/the-hidden-dangers-of-browser-extensions-where-googles-mv3-still-fall-short/ https://securityboulevard.com/2024/11/the-hidden-dangers-of-browser-extensions-where-googles-mv3-still-fall-short/#respond Mon, 25 Nov 2024 03:57:45 +0000 https://medium.com/p/6df84dc6c09b A recent Forbes article by Davey Winder discussed a brilliant publication by Stanford researchers Sheryl Hsu, Manda Tran and Aurore Fass. It was discovered that nearly 350 million Chrome extensions installed had privacy violations, vulnerable code or contained malware. Many hoped that Google Chrome’s new Manifest V3 standard would be the solution to extension-based vulnerabilities. Yet our research, released at Defcon32 this year, showed that MV3-compliant extensions can still silently add GitHub repo collaborators, mirror Zoom/Google Meet video feeds and steal user credentials/data relatively easily.

Surprisingly, many of these suspicious extensions are Chrome featured, a stamp of approval that many users, and often security teams, use as an indication of legitimacy and safety of browser extensions. While Google does its best to vet these technologies, there are over 100,000 active extensions on Chrome Store, making it impossible to keep track of all updates. On average, it takes 380 days for extensions with malware to be taken down from the Chrome Store.

Attackers exploit this fact by compromising or purchasing the rights to benign, popular extensions and turning them into malicious extensions, without users being aware of the updates. One such case study is seen in the PDF Toolbox and Autoskip of YouTube malicious extensions uncovered by Palant. With 2 and 9 million downloads respectively, these seemingly benign extensions insert adware links into search bars against the user’s will.

This is just one way that extensions can exploit users. Five common browser-extension-based attacks include:

1. Data Exfiltration

Attackers can collect rich data on user behaviour and sell it to companies and targeted ad providers. More targeted attacks can involve using extensions as spyware to read confidential information such as intellectual property, emails and other sensitive information. For companies, such data breaches can lead to expensive class action lawsuits, damage to brand reputation and loss of competitive edge for IP-sensitive companies.

2. Credential stealing

Extensions can gain access to PII such as credit card numbers and social security numbers, as well as to banking and social media accounts. More advanced attackers can even silently add a collaborator to a developer’s GitHub repo, taking their code repo hostage for ransomware. Since the White House banned most ransom payments in 2023, this poses a huge dilemma when platforms and resources critical to business are being held up by ransomware.

3. Adware & misinformation spreading

Attackers often use extensions to redirect users to ad pages or embed ads into websites without the user knowing. This not only significantly impairs the user’s productivity and experience by slowing down the browser, but may lead to subsequent infection with spyware/ransomware. A similar technique can also be used to display fake search results and spread false information.

4. Cryptojacking

One of the simplest ways to steal cryptocurrency involves injecting the attacker’s wallet address into the recipient field just as the user hits the transfer button, redirecting any currency flow to the attacker’s account. This could lead to significant personal financial loss and reputational damage for crypto exchanges.

5. Malware spreading

Through extensions, attackers can initiate malware downloads without the user’s permission. Smarter attackers can even trigger these downloads when users are on trusted sites (e.g. Zoom, Salesforce) and mask them as software updates to minimise suspicion.

This got me curious about how easy it is to purchase the rights to a Chrome featured extension. Hence, posing as an EdTech founder, I approached the authors of several translation extensions to see if they were willing to sell their extensions to me. I focused on those that had not updated their extension in at least 12 months but had at least 10,000 downloads on Chrome store. It turns out, once a price is agreed upon, all it took was for the author to hand over the credentials to their Chrome account, which would give me completely free access to the extension’s code repo.

If getting access to extensions already installed on millions of devices was indeed as simple as a price negotiation, there is a huge dissonance with the risk management of browser extensions. Speaking to over a dozen security experts, it is evident that most security teams whitelist extensions once and do not have an active monitoring strategy for browser extensions. Even if they do, whitelists are reviewed on a 1–3 year basis, with no way of knowing when a benign extension becomes malicious.

In this case, how can one protect oneself against malicious browser extensions? Here are a couple of best practices:

  • Read, read, read — read reviews, especially negative ones, thoroughly. Do this even for Chrome featured and popular extensions. Index on more recent reviews.
  • Check when the extension was last updated — generally, the longer a piece of software goes without an update, the more likely it is unmanaged and vulnerable to attacks. While there is no magic number, I generally get nervous when installing extensions with no updates in more than 3–6 months.
  • Chuck it — uninstall or disable extensions when you don’t need them. I know it is a bit of extra work, but generally the fewer you have on, the safer.
  • Have runtime control — the best way to guarantee extension safety is to use a tool that automatically disables and/or alerts you whenever an extension turns malicious, is updated or goes too long without being updated (depending on your risk appetite).


The Hidden Dangers of Browser Extensions: Where Google’s MV3 Still Fall Short was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post The Hidden Dangers of Browser Extensions: Where Google’s MV3 Still Fall Short appeared first on Security Boulevard.
