Firefox axes add-ons, developer pushes back

Mozilla has wiped 23 extensions from its directory of Firefox browser add-ons after finding what it says were inappropriate functions in the code.

All the Badges of DEF CON 26 (vol 1)

Two or three years back you would see a handful of really interesting unofficial badges at DEF CON. Now, there’s a deluge of clever, beautiful, and well executed badges. Last weekend I tried to see every badge and meet every badge maker. Normally, I would publish one megapost to show off everything I had seen, but this year I’m splitting it into volumes. Join me after the break for the first upload of the incredible badges of DC26!

Telephreak Eleven Badge

The Telephreak party at DEF CON is a gathering of a tight-knit group of phone phreakers who spend …


Flaw in Grammarly’s extensions opened user accounts to compromise

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokens and use them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in th…

Backdoored Firefox extension checks Instagram for C&C info

Turla, an APT cyberespionage group that has been targeting corporations, intelligence and other government agencies for years, is using a malicious Firefox extension to backdoor targets’ systems. Named “HTML5 Encoding 0.3.7”, the extension has a backdoor component that can gather information about the targeted system, send it encrypted to the C&C, upload and download files from the C&C, execute files, and read directory content. It was delivered through the compromised website of an …

LastPass is working on fixing latest code execution bug

It’s been an eventful couple of weeks for LastPass developers, as they’ve scrambled to fix a couple of serious flaws in the popular password manager’s extensions, which would allow attackers to get at users’ passwords and even execute code on the users’ machines. The flaws were flagged by Google Project Zero researcher Tavis Ormandy, and responsibly disclosed to the company. To their credit, LastPass has been doing a great job at responding to the vulnerability …

LastPass extensions can be made to cough up passwords, deliver malware

LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims’ passwords or execute commands on their computer. The flaws were discovered by Google Project Zero researcher Tavis Ormandy, and responsibly disclosed to LastPass. But while the company has pushed out what seems to be a slapdash and incomplete fix in the latest version of the Chrome extension (4.1.42, dated March 14, 2017), a fixed version of the Firefox plug-in has …

Ubuntu Forums hacked again, 2 million users exposed

Canonical’s Ubuntu Forums have been hacked, and the attacker has managed to access and download part of the Forums database, containing usernames, email addresses and IPs for 2 million users. “No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted),” Canonical CEO Jane Silber explained on Friday. …

Chrome Web Store developers have to improve user data transparency

Google has announced that it’s modifying the User Data Policy for the Chrome Web Store, and developers have three months to make the needed changes if they don’t want their add-ons and apps to be booted from the online store. “The new User Data Policy extends existing policies to ensure transparent use of the data in a way that is consistent with the wishes and expectations of users,” noted Teresita Perez and Athas Nikolakakos of …