Tag: browser
-
Hotel chain ditches Google search for DuckDuckGo, ‘subjected to fraud attempts daily’
Tags: apple, attack, authentication, browser, chrome, cloud, control, cybercrime, cybersecurity, data-breach, fraud, google, jobs, malware, mfa, monitoring, phishing, privacy, ransomware, risk, scam, service, tool, windowsAt the end of 2021, Nordic Choice Hotels, now renamed Strawberry, was hit by a major ransomware attack that paralyzed operations for just over a week. Everything had to be done manually, says Martin Belak, who is responsible for the hotel chain’s technical security.”The receptionists worked with whiteboards to keep track of which rooms were…
-
Malware targets Mac users by using Apple’s security tool
A variant of the Banshee macOS infostealer was seen duping detection systems with new string encryption copied from Apple’s in-house algorithm.A Check Point research, which caught the variant after two months of successful evasion, said threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Google Chrome, Telegram, and…
-
Zugriff auf interne Systeme: Forscher hackt Facebook und erhält 100.000 US-Dollar
Durch eine Sicherheitslücke im Chrome-Browser konnte ein Forscher einen Server von Facebook infiltrieren. Meta zahlte ihm eine üppige Belohnung. First seen on golem.de Jump to article: www.golem.de/news/zugriff-auf-interne-systeme-forscher-hackt-facebook-und-erhaelt-100-000-us-dollar-2501-192305.html
-
Here’s how hucksters are manipulating Google to promote shady Chrome extensions
How do you stash 18,000 keywords into a description? Turns out it’s easy. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/
-
Chrome Security Update Patch for Multiple Security Vulnerabilities
Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264 for Linux. This update addresses a series of critical security vulnerabilities and will be rolled out gradually over the coming days and weeks. Users are encouraged to update their browsers to benefit from these vital…
-
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
Chrome and Firefox updates released this week resolve high-severity vulnerabilities in the two popular browsers. The post Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-131-firefox-134-updates-patch-high-severity-vulnerabilities/
-
Webbrowser: Chrome- und Firefox-Updates stopfen teils hochriskante Lücken
Neue Versionen von Google Chrome und Mozilla Firefox schließen Sicherheitslücken in den Webbrowsern. Einige gelten als hochriskant. First seen on heise.de Jump to article: www.heise.de/news/Webbrowser-Chrome-und-Firefox-Updates-stopfen-teils-hochriskante-Luecken-10231176.html
-
Böse Weihnachtsüberraschung: Hacker übernehmen Chrome-Erweiterungen
First seen on t3n.de Jump to article: t3n.de/news/boese-weihnachtsueberraschung-hacker-uebernehmen-chrome-erweiterungen-1665791/
-
Malicious EditThisCookie Extension Attacking Chrome Users to Steal Data
The popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers. However, after significant scrutiny, the legitimate version has been removed from the Chrome Web Store, leaving users vulnerable to a fake extension that has…
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Google Chrome is making it easier to share specific parts of long PDFs
Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-is-making-it-easier-to-share-specific-parts-of-long-pdfs/
-
36 Chrome Extensions Compromised in Supply Chain Attack
Developers Listed as Public Contact Points Targeted in Phishing Campaign. A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/36-chrome-extensions-compromised-in-supply-chain-attack-a-27207
-
Schädliche Versionen von zahlreichen Chrome-Erweiterungen in Umlauf
Über die Weihnachtstage verschafften sich die Täter Zugriff auf diverse Chrome-Extensions in einigen Fällen sogar schon deutlich früher. First seen on heise.de Jump to article: www.heise.de/news/Nach-Phishing-Angriff-Schaedliche-Erweiterungen-in-Chrome-Web-Store-geschleust-10224745.html
-
LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware
LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions, which can manipulate emails, track browsing, and even transform infected browsers into proxies for attackers, enabling them to browse the web with the victim’s credentials. It has been observed distributing various stealers through Chrome extensions since August 2024, including LummaC2,…
-
Chrome Extension Compromises Highlight Software Supply Challenges
The Christmas Eve compromise of data-security firm Cyberhaven’s Chrome extension spotlights the challenges in shoring up third-party software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chrome-extension-compromises-highlight-software-supply-challenges
-
Time to check if you ran any of these 33 malicious Chrome extensions
Two separate campaigns have been stealing credentials and browsing history for months. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/
-
Dozens of Chrome extensions hacked in threat campaign
Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617636/Dozens-of-Chrome-extensions-hacked-in-threat-campaign
-
Millionen Nutzer gefährdet: Schadcode in 36 Chrome-Extensions eingeschleust
Bei den betroffenen Chrome-Erweiterungen handelt es sich um KI-Tools, Passwortmanager, VPNs und mehr. Zusammen kommen sie auf 2,6 Millionen Nutzer. First seen on golem.de Jump to article: www.golem.de/news/millionen-nutzer-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html
-
35+ Chrome Extensions Compromised: 2.5 Million Users at Risk
In a detailed report from Team Axon”, led by Alon Klayman and Uri Kornitzer”, researchers have revealed on a sophisticated First seen on securityonline.info Jump to article: securityonline.info/35-chrome-extensions-compromised-2-5-million-users-at-risk/
-
Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data
As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence tools and virtual private networks.]]> First seen on therecord.media Jump to article: therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates
-
More details on widespread Chrome extension compromise emerge
First seen on scworld.com Jump to article: www.scworld.com/brief/more-details-on-widespread-chrome-extension-compromise-emerge
-
Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft
A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft.The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into…
-
Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem An Analysis
Here we go. It appears that the individuals behind the successful compromise of the Cyberheaven VPN Chrome extensions are currently busy or at least have several other upcoming and in the works campaigns targeting several other vendors of Chrome VPN extensions. The first example is hxxp://censortracker.pro which apparently aims to target the legitimate (hxxp://censortracker.org). Relate…
-
Chrome extensions compromised in Christmas Day supply chain attack
First seen on scworld.com Jump to article: www.scworld.com/news/chrome-extensions-compromised-in-christmas-day-supply-chain-attack
-
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
-
Hacking campaign compromised at least 16 Chrome browser extensions
Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing over 600,000 users. Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account…
-
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago. The post Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyberhaven-chrome-extension-hack-linked-to-widening-supply-chain-campaign/