Tag: Security Breach

  • 16 Popular Chrome Extensions, Including Adblock, Hacked in Cyber Attack

    Key Takeaways

    1. Over 3.2 million users were at risk due to malicious browser extensions that appeared legitimate but injected harmful scripts and stole information.

    2. The attack involved a supply chain breach, allowing attackers to push harmful updates to trusted extensions without users’ knowledge.

    3. Initial purposes of the affected extensions included ad blocking and screen capturing, but updates introduced unauthorized data theft and ad insertion.

    4. Compromised developer accounts enabled attackers to gain control of extensions, exploiting permissions like ‘host_permissions’ and ‘scripting’.

    5. Users should be cautious about installing new extensions and not rely solely on positive reviews, as traditional security protections may be evaded.


    A significant security incident has put more than 3.2 million users at risk due to a series of harmful browser extensions. These extensions, which appeared to be legitimate, were discovered injecting malicious scripts, stealing user information, and committing search engine fraud. Researchers found that this attack was carried out via a supply chain breach, where attackers gained access to trusted extensions and pushed harmful updates without users being aware of it.

    How the Malicious Extensions Operated

    The affected extensions were originally built for purposes such as ad blocking, emoji keyboards, and screen capturing. Later updates added hidden scripts that enabled unauthorized data theft, modification of HTTP requests, and injection of ads into web pages. Users who had already granted permissions to these extensions were never told of the changes, which let attackers manipulate their browsing in real time. Many security experts have noted that the permissions these extensions required, such as host access and scripting controls, made them especially hazardous.

    List of Affected Chrome Extensions

    The investigation has linked this incident to compromised developer accounts. Some developers, without realizing it, handed control of their extensions to the attackers, who then pushed malicious updates through the official browser extension stores. The attack infrastructure appears connected to known phishing campaigns. The threat actors exploited permissions such as ‘host_permissions’, ‘scripting’, and ‘declarativeNetRequest’ to carry out their scheme.
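    As an added example (not from the article or from any affected extension), the following Python audits a Chrome extension manifest for the permission combinations the article describes (broad host access paired with ‘scripting’ or ‘declarativeNetRequest’) and diffs two manifest versions to show what an update quietly added. The two sample manifests are constructed for the demo; the permission names are real Chrome keys, and MV2 manifests (host patterns under "permissions") are handled as an assumption.

```python
# API permissions the article names as abused, plus related request-rewriting ones.
HIGH_RISK = {"scripting", "declarativeNetRequest",
             "declarativeNetRequestWithHostAccess", "webRequest"}
# Host patterns that reach every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
REQUEST_REWRITERS = {"declarativeNetRequest",
                     "declarativeNetRequestWithHostAccess", "webRequest"}

def _perms(manifest):
    """Return (API permissions, host patterns) from an MV2 or MV3 manifest."""
    api = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    # MV2 keeps host patterns under "permissions"; split them out (assumption).
    hosts |= {p for p in api if "://" in p or p == "<all_urls>"}
    return api - hosts, hosts

def assess_manifest(manifest):
    """Return human-readable findings; an empty list means nothing notable."""
    api, hosts = _perms(manifest)
    findings = []
    broad = hosts & BROAD_HOSTS
    if broad:
        findings.append(f"broad host access: {sorted(broad)}")
    for p in sorted(api & HIGH_RISK):
        findings.append(f"high-risk API permission: {p}")
    if broad and "scripting" in api:
        findings.append("can inject scripts into every page")
    if broad and api & REQUEST_REWRITERS:
        findings.append("can rewrite HTTP requests on every site")
    return findings

def permission_delta(old, new):
    """Permissions present in the updated manifest but absent from the old one."""
    old_api, old_hosts = _perms(old)
    new_api, new_hosts = _perms(new)
    return sorted((new_api - old_api) | (new_hosts - old_hosts))

# Constructed sample manifests: a benign v1 and an update that widened its reach.
V1 = {"manifest_version": 3, "name": "Demo Emoji Keyboard", "version": "1.0",
      "permissions": ["storage"], "host_permissions": ["https://emoji.example/*"]}
V2 = {"manifest_version": 3, "name": "Demo Emoji Keyboard", "version": "1.1",
      "permissions": ["storage", "scripting", "declarativeNetRequest"],
      "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    print("v1:", assess_manifest(V1) or "no findings")
    print("v2:", assess_manifest(V2))
    print("added in update:", permission_delta(V1, V2))
```

Running the same delta check against each update an extension store delivers is a cheap way to catch a previously benign extension that suddenly asks for every site plus script injection.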

    Similarities to Past Attacks

    Another alarming factor in this campaign is its similarity to earlier supply chain attacks, where trusted software is used as a vehicle for malware distribution. By using the update mechanisms of browser extensions, attackers can evade traditional security protections.

    Currently, the identified extensions have been taken down from official platforms. Nonetheless, users should be cautious and not depend solely on positive reviews when deciding to install new extensions.



  • Authy Data Breach Exposes 33M Phone Numbers

    Twilio, the firm responsible for the two-factor authentication app Authy, has experienced a security breach that exposed 33 million phone numbers linked to Authy accounts due to an unsecured API endpoint.

    Details of the Breach

    On July 1, 2024, Twilio revealed the breach through a blog post. The incident was caused by an “unauthenticated endpoint” that permitted unauthorized access to data linked to Authy accounts. Fortunately, no passwords, two-factor authentication seeds, or other highly sensitive account details were compromised, but phone numbers associated with Authy accounts were exposed.

    Threat and Response

    The hacking group ShinyHunters has been identified as the culprit behind the breach. It released a file containing the exposed phone numbers on a hacking forum, which heightens the risk of phishing attacks and SIM swapping. In response, Twilio has secured the vulnerable endpoint and assured users that no other Twilio systems or sensitive data were accessed. Users are encouraged to update their Authy apps to the latest versions (Android v25.1.0 or later, iOS v26.1.0 or later) to boost security.

    Preventive Measures for Users

    Authy users should take the following steps to protect themselves:

    • Update the Authy App: Make sure you are using the latest version, which includes crucial security updates.
    • Enable SIM Lock: Protect your SIM card with a passcode to prevent unauthorized transfers.
    • Beware of Phishing and Smishing: Be vigilant of unsolicited messages or calls asking for login information, as these could be attempts to steal your credentials.
    • Consider a Different Authenticator App: You may also switch to a different 2FA app. Aegis Authenticator is a free-to-use option for Android users.

    Official Statement from Twilio

    Twilio has reiterated its dedication to security and transparency, stating, “We believe that the security of our products and our customer’s data is of paramount importance and when an incident occurs that might threaten that security, we tell you about it.”

    Twilio’s Security Incident Response Team is closely monitoring the situation and will provide updates as necessary. Users experiencing issues with their Authy accounts are urged to reach out to Authy support for assistance.