Yazılar

Hackers Target Multiple Companies’ Chrome Extensions in Widespread Campaign

/in /tarafından

Hackers have compromised a variety of companies’ Chrome browser extensions in a series of cyberattacks that began in mid-December, according to affected firms and cybersecurity experts. One confirmed victim, Cyberhaven, a California-based data protection company, revealed the breach in a statement to Reuters on Friday.

“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the company said. It referenced cybersecurity experts’ findings, which indicated the breach was part of a broader campaign targeting Chrome extension developers across multiple organizations. The company also confirmed it is cooperating with federal law enforcement authorities in its investigation.

Browser extensions, often used to enhance user experience through features like auto-applying coupons or improving data management, were exploited in this campaign to compromise sensitive data. Cyberhaven’s Chrome extension is specifically designed to help monitor and secure client data across web-based applications.

Jaime Blasco, cofounder of Nudge Security in Austin, Texas, noted that Cyberhaven is not an isolated case. He identified several other compromised extensions, some impacted as early as mid-December. These included extensions related to artificial intelligence and virtual private networks (VPNs), suggesting an opportunistic approach aimed at collecting as much sensitive data as possible from a wide range of sources.

Blasco said, “I’m almost certain this is not targeted to Cyberhaven. If I had to guess, this was just random.”

The geographical reach of the campaign remains unclear. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) declined to comment, referring inquiries to the affected companies. Alphabet, the parent company of Google and maker of the Chrome browser, did not immediately respond to requests for comment.

This incident highlights the vulnerabilities associated with browser extensions and the potential for malicious actors to exploit them for broad data collection efforts. Experts urge developers and users alike to exercise caution and maintain robust security measures for extensions to prevent similar breaches.

 

Kentucky Police Hunt for Shooter After Highway Attack Leaves Seven Injured

/in /tarafından

Kentucky authorities are searching for a suspect who wounded at least seven people in a shooting along Interstate 75 near the town of London, located close to the Daniel Boone National Forest. The incident occurred late Saturday afternoon when shots were fired at vehicles from a wooded area or overpass. Local officials confirmed that no fatalities have been reported, but the public has been urged to remain vigilant as the suspect remains at large. A 32-year-old man has been named a person of interest and is considered “armed and dangerous.” The shooting follows closely on the heels of a tragic school shooting in Georgia, raising concerns about a spate of gun violence in rural areas. Federal agents from the Bureau of Alcohol, Tobacco, Firearms, and Explosives have joined local law enforcement in the investigation.