Search the Community
Showing results for tags 'cyber'.
Found 2 results
-
Chrome extensions - Discovery of a Massive Surveillance Campaign
GHARIB posted a topic in Technology
HIGHLIGHTS: - More than 33 million downloads - 111 malicious or fake Chrome extensions (from the GOOGLE Official Store - removed in JUNE 2020) - 15,160 malicious/suspicious domains MILLIONS of Google Chrome users may have had their intimate web browsing history hacked as security experts discover malicious spyware extensions, which have been downloaded more than 30 million times. Exemple of FAKE extension (infected): Discovered by Awake Security Team, these 3 months they have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions. These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc. After analyzing more than 100 networks across financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education and government organizations, Awake discovered that the actors behind these activities have established a persistent foothold in almost every network. Fortunately, these were live until May 2020 when they were finally reported to Google by the researchers and got removed from the Chrome store. For further information: https://awakesecurity.com/white-papers/the-internets-new-arms-dealers-malicious-domain-registrars/
-
There's a way to compromise a home network without actually being on it. It's called "cross-site request forgery." It starts by redirecting a user to a malicious website, typically by phishing. The site uses the prey's browser to send requests to the home router. The router thinks the prey is sending the requests from the home network. "Home routers are very naive," said Incapsula's Ofer Gayer. Most consumers pay as much attention to routers as they do to doorknobs. That's not the case with Net marauders. They're finding the devices ripe targets for mischief. "We've seen a big increase in malware designed for home routers," said Incapsula researcher Ofer Gayer. "Every week, we see a new vulnerability in a vendor's routers," he told TechNewsWorld. "They're low-hanging fruit if you're a hacker. They're a very soft target." Home routers are the soft underbelly of the Internet, observed Andrew Conway, a threat researcher at Cloudmark. "They were never designed to be high security components, and once they are installed, they are typically never updated," he told TechNewsWorld. "Even when vulnerabilities are discovered, a vendor may not patch their firmware -- and if they do, the patches are rarely applied," Conway said. Cross-Site Shenanigans As soft a target as routers may be, they have been protected by a restriction on how their settings can be altered. Typically, you have to be on a network locally before you can access and change those settings. That's not always the case, though, as Incapsula recently pointed out. Incapsula discovered one router maker had installed what was essentially a backdoor in its products to make it easier to service the routers. Unfortunately, Net miscreants discovered what the router maker had done, and they began herding many of the routers together to mount distributed denial-of-service attacks. "Routers are strong enough today to create a pretty significant denial-of-service attack," Gayer said. Even if your router maker doesn't put a backdoor in your router, there's a way to compromise a home network without actually being on it. It's called "cross-site request forgery." It starts by redirecting a user to a malicious website, typically by some kind of phishing email. The site uses the prey's browser to send requests to the home router. The router thinks the prey is sending the requests from the home network. "Home routers are very naive," Gayer explained. Once a predator opens up the channel between the prey's browser and the router, a host of options become available. "I can change whatever I want," Gayer noted. "I can change the DNS server. I can open a hole in the firewall. I can change the admin password." To do all that, no access to the router is needed. "I just make you perform the requests by redirecting you," Gayer said. Targeting Uncle Sam Last week wasn't the best of times for federal employees. The decibel level of the furor over the Office of Personnel Management data breach continued to rise. It didn't take long for signs to appear that Net bandits were putting the stolen data to use. For example, an Army base in Alabama warned its employees of a phishing email purporting to be from the OPM and directing targets to a website where personal information could be cajoled from them. Meanwhile, OneWorldLabs, which monitors the Dark Net, spotted data apparently from the OPM breach for sale. If that were the case, though, it would throw cold water on the idea that the Chinese government was behind the OPM break-in, since it likely would keep the data under wraps and not be trying to sell it to cybercriminals. Nevertheless, most of the U.S. finger-pointing has been toward Beijing. "China would like to be in every U.S. system on some level," said Jared DeMott, principal security researcher at Bromium. "The data the hackers stole could just be the initial phase of the attack, while moving toward more attractive targets," he told TechNewsWorld. What makes matters worse is that there's little the United States can do about the breach, said Securonix Chief Scientist Igor Baikalov. "First of all, the U.S. spies for 'national security advantages' just like China does -- no moral high ground for he U.S. there," he told TechNewsWorld. "Second and most frustrating, there's not much the U.S. can do to retaliate for this attack," Baikalov said. "Economic sanctions? They're hardly applicable to the country that holds most of your national debt." Source http://www.technewsworld.com/
