Online testing firm agrees to security audit after inquiry from senator

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured, could give cybercriminals a foothold onto test-takers’ devices. And so, after inquiries from Wyden, ProctorU has hired outside security experts to review its software and the tool it uses for remote troubleshooting, according to the Law School Admissions Council (LSAC), which administers the LSAT. More than 145,000 LSAT exams were administered online from May 2020 to February 2021, and ProctorU appears to be the main contractor for doing so. It’s another case of privacy and security risks emerging in […]

The post Online testing firm agrees to security audit after inquiry from senator appeared first on CyberScoop.


3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons

Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.

How hackers used malicious Chrome extensions in a mass spying campaign

A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months, researchers at California-based Awake Security said Thursday. The researchers believe the unidentified hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users in sectors such as oil and gas, finance and health care. The hackers “were very effective in reaching a large number of industries and subverting controls that were in place,” said Gary Golomb, Awake Security’s cofounder and chief scientist. U.S. government contractors were among those targeted, Golomb said. He declined to identify the victims. The discovery exposes another gap in web browser security despite pledges from Google and other vendors to proactively block malicious code from appearing in their official download stores. After being tipped off by Golomb’s team, Google removed […]

The post How hackers used malicious Chrome extensions in a mass spying campaign appeared first on CyberScoop.


Google fights spammy extensions with new Chrome Web Store policy

The policies are specifically meant to fight spam, but they outlaw tactics taken by malicious extensions as well, including fake reviews.

49 malicious Chrome extensions caught pickpocketing crypto wallets

They were posing as crypto wallets in order to rip off users’ private keys and mnemonic phrases and drain real wallets. Google’s yanked them.

Google throws bug bounty bucks at mega-popular third-party apps

If an app has more than 100 million installs, Google will pay for bugs, even if the app makers already have their own bounty programs.

Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension

Evernote last month fixed a security flaw in a Google Chrome extension that could have allowed hackers to access information about roughly 4.6 million users, according to new research. Security vendor Guardio announced Wednesday it had discovered a vulnerability in Evernote’s Web Clipper extension for Chrome that could have allowed attackers to bypass the browser’s “same origin policy,” a security protocol meant to limit malicious scripts from spreading. Exploiting the flaw would have allowed attackers to gain privileges outside Evernote’s domain in Chrome — including access to a user’s other web content and services, researchers said. Evernote resolved the flaw within days, Guardio said, and there is no evidence the bug was exploited. Evernote did not respond to a request for comment from CyberScoop. The California company designs note-taking software that syncs and archives user files like lists, file attachments and websites between multiple devices. “Evernote was at the top of the list […]

The post Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension appeared first on CyberScoop.
