1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Google Chrome extensions targeted by hackers to steal user passwo

    From TechnologyDaily@1337:1/100 to All on Monday, December 30, 2024 11:15:05
    Google Chrome extensions targeted by hackers to steal user passwords

    Date:
    Mon, 30 Dec 2024 11:02:00 +0000

    Description:
    Cyberattack hits users on Christmas Day, but was reportedly resolved in less than 60 minutes.

    FULL STORY ======================================================================Christma s Eve attack sees Cyberhaven Chrome extension hit Some data could have been exfiltrated, Cyberhaven systems secure Users are being told to change their passwords

    Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords
    and session tokens.

    In a statement , the data loss prevention company noted the attack showed signs of being part of a wider campaign to target other companies, too.

    The attack started as many others do an employee fell for a phishing email and shared their credentials, giving the threat actor access to Cyberhavens systems. Cyberhaven shares details of Christmas Eve attack

    More specifically, the attacker obtained the workers Google Chrome Web Store credentials, allowing them to post a malicious version of its Chrome
    extension to the marketplace. Only version 24.10.4 was affected on Chrome-based browsers that auto-updated; the code was active between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26.

    CEO Howard Ting said the compromise was detected by the firms security team
    at 11:54 PM UTC on Christmas Day it was removed within an hour, noting, Im proud of how quickly our team reacted, with virtually everyone in the company interrupting their holiday plans to serve our customers, and acting with the transparency that is core to our company values.

    No other Cyberhaven systems, such as CI/CD processes and code signing keys, were compromised, however users cookies and authenticated sessions for
    certain targeted websites could have been exfiltrated.

    Users are now being advised to maintain basic internet hygiene principles, such as ensuring that their extensions are up to date (in this case, version 24.10.5 or newer), reviewing logs for suspicious activity, and revoking or rotating all passwords that aren't FIDOv2.

    The company has already implemented additional security measures to prevent similar future attacks and is actively cooperating with law enforcement. You might also like Weve listed the best privacy tools and anonymous browsers Consider keeping your credentials safe with the best password managers Apache Foundation urges users to patch now and fix major security worries



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-chrome-extensions-targeted-by-ha ckers-to-steal-user-passwords


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)