October 30, 2024 at 10:03AM A recently patched security flaw in the Opera browser, identified as CrossBarking, allowed malicious extensions to access private APIs, facilitating actions like screenshot capture and account hijacking. Guardio Labs demonstrated the exploit using a benign extension. The incident highlights ongoing security concerns and the need for stricter monitoring of browser … Read more
October 30, 2024 at 09:22AM Researchers revealed a new browser attack, “CrossBarking,” that exploits private APIs in Opera, granting hackers extensive control over users’ browsers. By using a malicious Chrome extension masquerading as a harmless app, attackers can manipulate browser settings, hijack accounts, and access sensitive information, highlighting security risks in browser API management. ### … Read more
October 8, 2024 at 08:36AM Malicious browser extensions are evading Google’s latest Chrome Web Store security, posing significant risks to individuals and organizations. Researchers showcased the ability to steal data and manipulate permissions. While Google aims to enhance privacy and security with Manifest V3, vulnerabilities still exist. Companies are advised to review and restrict browser … Read more
September 4, 2024 at 07:19AM The report “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” emphasizes the threat of account takeover attacks in SaaS environments and the role of the browser in neutralizing them. It highlights tactics used in account takeovers and recommends a browser security … Read more
August 11, 2024 at 12:28PM X is facing an increased bot problem with scammers exploiting the Ukraine war and Japan earthquake warnings to lure users into clicking on fake content and videos. This leads to scam adult sites, malicious browser extensions, and shady affiliate sites. Based on the meeting notes, it appears that X has … Read more
August 9, 2024 at 11:25AM A widespread malware campaign installed malicious Google Chrome and Microsoft Edge browser extensions, stealing browsing history and data. Malware employed diverse malvertising themes, infecting victims’ web browsers through fake software installers and digitally signed downloaders. The malware evaded antivirus detection, hijacked browser homepages, and persisted in the system, necessitating manual … Read more
December 22, 2023 at 09:55AM Three Chrome extensions masquerading as VPNs were found to be malware, infecting users’ machines through pirated video game installers. ReasonLabs discovered the malicious extensions and reported their findings to Google, resulting in their removal from the Chrome Web Store. The extensions targeted Russian-speaking users, stealing data, manipulating web requests, and … Read more
December 6, 2023 at 06:54AM Browser extensions present high-risk vectors for cyber-attacks, exploiting users’ trust through three types: initially malicious, compromised, and risky due to excessive permissions. The LayerX report highlights this threat and recommends vigilance in installation methods and identifying signs of potential harm, emphasizing the need for educated choices and robust security protocols … Read more
November 1, 2023 at 08:12AM LayerX is a secure enterprise browser extension that provides comprehensive visibility, continuous monitoring, and granular policy enforcement on browsing sessions. It addresses the challenge of protecting the browser against web-borne attacks and data leakage. LayerX offers features such as installation and setup, a dashboard for high-level insights, discovery of entities … Read more