Google chrome

The Google Chrome extension tracks users’ internet activity. Learn more about the whistleblower scandal on Twitter. Updates in the commercial spyware industry.

In one look.

  • The Google Chrome extension tracks users’ internet activity.
  • Learn more about the whistleblower scandal on Twitter.
  • Updates in the commercial spyware industry.
  • Maybe threat actors just don’t want to pay late fees.
  • Clean up the NHS data breach.

The Google Chrome extension tracks users’ internet activity.

Five Google Chrome extensions collectively downloaded over 1.4 million times monitor users’ browsing histories to know when users visit an e-commerce site and change the visitor’s cookie to appear as if went through a referral link. In return, BleepingComputer Explain, the authors of the malicious extensions receive an affiliate commission for any purchase made on the e-commerce site. Detected by McAfee threat analysts, the extensions in question are Netflix Party, Netflix Party 2, Full Page Screenshot Capture, FlipShope Price Tracker Extension and AutoBuy Flash Sales. The two Netflix Party extensions have been removed from the Chrome Web Store, but the other three are still available, and the removal will not remove the extensions from web browsers; users must uninstall them themselves.

Uriel Maimon, head of emerging products at Human Security, says he sees a systemic problem with browser extensions. “Browser extensions are the Wild Wild West of the Internet,” he wrote. “There are approximately 200,000 extensions available on the Chrome Store alone. What most users don’t realize is that extensions have full access to all data on a page, including your email address. email, banking information, and credit card numbers. Although many extensions provide value-added services, nothing stops them from collecting and misusing user data.”

Learn more about the whistleblower scandal on Twitter.

Twitter whistleblower Peiter “Mudge” Zatko’s revelations last week – alleging the social media giant misled regulators about its weak cybersecurity defenses and allowed bot accounts to spread misinformation – continue to send shockwaves through the privacy community. Zatko claimed that Twitter allowed the Indian government to put agents on the company’s staff, giving them “direct, unsupervised access to company systems and user data.” Prateek Waghre, policy director of the Indian digital rights organization Internet Freedom Foundation, Told Security Week, “We tend to think of these companies as large, well-resourced entities that know what they’re doing, but you realize that many of their actions are ad hoc and reactive, driven by crises.”

Last October, a Saudi aid worker was arrested for allegedly creating an anonymous and satirical Twitter account, and it is possible he was discovered by spies believed to work for the social media giant. Bethany Al-Haidari, who works for the US human rights group Freedom Initiative, says it’s likely Twitter’s cybersecurity issues could allow hackers or governments to reveal the identities of dissidents. “Given what we know about how social media is used around the world, this is incredibly problematic,” Al-Haidari said. Tony Anscombe, Chief Cyber ​​​​​​Threat Officer at ESET, a cybersecurity software provider based in Slovakia, intervenes: “If the allegations are true, yes, there is probably an increased risk”, he said. Told Yahoo funds. However, Anscombe sees a silver lining for Twitter users. “If the allegations are unfounded, then the company is probably doing an audit anyway to make sure they have no weaknesses and, if they are founded, they’re running around to fix those things. So in fact, the end result is a good thing.”

Updates in the commercial spyware industry.

As we noted last week, Tykelab, a subsidiary of Italian software company RCS, was discovered to be using a system of unsecured phone networks to send ‘tracking packets’ used to monitor individuals in Asia. Southeast, Africa, Latin America and the United States. EU. Cybernews Remarks that despite its discovery eight years ago, the security flaw has not been patched, the result of a telecommunications industry practice of renting network access points to other parties. The apple doesn’t fall far from the tree in this case, as Cy4Gate reported in December that Tykelab’s RCS parent company’s surveillance products include a phone hacking tool that can be used to record calls and access distance to other sensitive data, and that web pages spoofing Apple and Facebook were used to trick targets into downloading the software.

Meanwhile, Gearrice reports that NSO Group, the company at the center of last year’s Pegasus spyware scandal, is reorganizing. The revelation that Pegasus was being used to spy on journalists and activists around the world left NSO with a pile of blacklists, sanctions and lawsuits, and as a result around 100 company employees were fired and the CEO Shalev Hulio resigned. . In a recent press release, NSO said it plans to focus on supporting NATO countries – a wise choice given the impact of the war in Ukraine – and that it still hopes to become ” one of the largest cybertech companies in the world”.

Maybe threat actors just don’t want to pay late fees.

Leading US library vendor Baker & Taylor suffered a ransomware attack last week, and the company is struggling to get its systems back online, the Record by Recorded Future reports. Baker & Taylor confirmed the attack on its website on Monday, saying, “Our IT team and outside experts are working around the clock to restore our systems.” The company said several of its systems and applications, including its internal phone network, were affected. Founded nearly two hundred years ago, Baker & Taylor offers library technology solutions as well as physical and digital content, including books, e-books, audiobooks, music and video. It’s unclear who might be behind the attack or if any ransom demands were made. The publishing industry has fallen on hard times recently, as US publishing powerhouse Macmillan was hit by a ransomware attack last month, and ransomware group LockBit attacked German library service Onleihe in april.

Clean up the NHS data breach.

Itay Bochner, Director of Malware Scanning Solutions at OPSWAT, wrote of the problems the NHS breach continues to cause:

“The UK NHS ransomware attack is becoming one of the biggest cyberattacks to ever take place in healthcare. More than 20 days have passed since the cloud provider of Advanced Health Services was attacked by ransomware. Since then, providers and patients have been denied access to medical records, causing chaos and a wider societal impact. Patients can’t get their medications, physiatrists cannot add reports to the system and give their professional advice to the court, and it was only last week that the 111 emergency dispatch number was reinstated.

“Advanced estimated that it could be a few more weeks before we see a full restoration of services, leaving many questions about why recovery is taking so long and what might have been in place before the attack to reduce the recovery time.

“Although we can only speculate at this time, the long recovery time could be caused by Advanced’s production environment and the latest save game is not up to date. More likely, it could be because the backup is also infected with the malware, and recovering it won’t help, forcing them to go back or rebuild it.Another possibility is that they backed everything up but never tried to recover it, and now, when needed, it just doesn’t work. If so, performing routine backups and recovery could have helped in a situation like this and restored those critical services faster.

“While we have seen so many attacks on critical infrastructure, this may be an example of how the effects of cyberattacks on healthcare systems could potentially be more dangerous (and deadly) than on any other critical industry.” Added 9.1.22: “The UK NHS is not alone in battling this issue – just last week, Center Hospitalier Sud Francilien, a French hospital outside Paris, was hit by LockBit ransomware with a demand to pay $10 million, forcing them to send patients elsewhere for medical health services.

“Monetization of the attack is more likely given that human lives are at stake and the general population depends on health care and emergency services on a daily basis.”