Alerts

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible.

  • Avast Online Security
  • AVG Online Security
  • Avast SafePrice
  • AVG SafePrice

Why? Because these four widely installed browser extensions have been caught collecting a lot more data on their millions of users than they are intended to, including your detailed browsing history.

Most of you might not even remember downloading and installing these extensions on your web browser, and that’s likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users’ browsers.

Both online security extensions are designed to warn users when they visit a malicious or phishing website, whereas the SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from various sites.

The malicious behaviour of Avast and AVG extensions was discovered almost a month ago by Wladimir Palant, who detailed how the extensions are sending a large amount of data about users’ browsing habits, listed below, to the company’s servers — “far beyond what’s necessary for the extension to function.”


A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.

This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome’s password manager.

Targeting Chrome Passwords

After being discovered by MalwareHunterTeam and further analyzed by James, though, things got a bit more interesting.

Instead of compiling the stolen passwords into a file and sending them to a C2 under the attacker's control, the malware connects directly to a remote MongoDB database and uses it to store the stolen credentials.

If you have ever registered an account with the official Magento marketplace to buy or sell any extension, plugin, or e-commerce website theme, you must change your password immediately.

Adobe, the company that owns the Magento e-commerce platform, today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.

According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers).

The leaked database includes affected users’ names, email addresses, MageID, billing and shipping address information, and some limited commercial information.

While Adobe didn’t reveal, or might not know, when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach last week on November 21.

In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.

The company restricted communications with its customers to avoid malware propagation.

According to Derecho de la Red, the malware strain used in the attack is Ryuk, delivered via Emotet. The Spanish website also confirmed that the entire company network was down today and employees were sent home.

It is unclear when Prosegur detected the incident, but some reports appeared before 6 a.m. (GMT+1), with some sources saying that the company network became unavailable around four in the morning, local time, and it is still down at the moment of writing.

Some users on Twitter criticized the company for delaying the release of a statement and providing too little information about what happened.


As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation.

The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said.

These warnings usually get sent to the potential targets, which generally are activists, journalists, policy-makers, and politicians. However, if you have received any such alert, do not freak out straight away — it doesn’t necessarily mean that your Google account has been compromised.
