WebRTC Vulnerability leaks Real IP Addresses of VPN Users

An extremely critical vulnerability has recently been discovered in WebRTC (Web Real-Time Communication), an open-source standard that enables browsers to make voice or video calls without needing any plug-ins.
AFFECTED PRODUCTS
Late last month, security researchers revealed a massive security flaw that enables website owners to easily see the real IP addresses of users through WebRTC, even if they are using a VPN, PureVPN included, to mask their real IP addresses.
The security glitch affects WebRTC-supporting browsers such as Google Chrome and Mozilla Firefox, and appears to be limited to the Windows operating system; users of Linux and Mac OS X are not affected by this vulnerability.
HOW DOES THE WebRTC FLAW WORK
WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers, which return the “hidden” home IP address as well as the local network addresses of the system the user is on.
The results of these requests can be accessed using JavaScript, but because they are made outside the normal XMLHttpRequest procedure, they are not visible in the developer console. This means that the only requirements for this to work are WebRTC support in the browser and JavaScript.
CHECK YOURSELF NOW
A demonstration published by developer Daniel Roesler on GitHub allows people to check if they are affected by the security glitch.
Also, you can go through the following steps in order to check if you’re affected:
  • If your browser is secure, you should see something like this:
  • If your browser is affected by this issue, you’ll see information about your true IP address in the WebRTC section.
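The check described above, as an added example that is not part of the article and not Daniel Roesler's demo: it parses the ICE candidate lines a WebRTC connection hands to `onicecandidate` and reports which addresses a STUN request would expose to the page. The STUN URL is a placeholder, and the candidate lines at the bottom are constructed so the parser runs without a browser.

```javascript
// Added example, not from the article or from Daniel Roesler's demo: parse the ICE
// candidate lines a WebRTC RTCPeerConnection hands to onicecandidate and report
// which addresses a STUN request would expose to the page.

const IPV4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Classify an address: RFC 1918 / link-local ranges are the "local network
// addresses" the article mentions; a public address in a srflx (STUN-reflexive)
// candidate is the routable address the VPN is supposed to hide.
function classifyAddress(addr) {
  const m = IPV4_RE.exec(addr);
  if (m) {
    const a = Number(m[1]);
    const b = Number(m[2]);
    if (a === 127) return 'loopback';
    if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return 'private';
    if (a === 169 && b === 254) return 'link-local';
    return 'public';
  }
  if (addr.endsWith('.local')) return 'mdns';   // newer browsers mask host candidates with mDNS names
  const v6 = addr.toLowerCase();
  if (v6 === '::1') return 'loopback';
  if (v6.startsWith('fe80:')) return 'link-local';
  if (/^f[cd]/.test(v6)) return 'private';      // fc00::/7 unique local addresses
  return 'public';
}

// Parse one candidate line (RFC 5245 candidate-attribute syntax) into its fields.
// Returns null for anything that is not a well-formed candidate.
function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, '').replace(/^candidate:/, '');
  const f = body.split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  const cand = {
    foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
    priority: Number(f[3]), address: f[4], port: Number(f[5]), type: f[7],
  };
  // Optional key/value pairs follow; raddr on a srflx candidate is the host
  // address from which the STUN server saw the request arrive.
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === 'raddr') cand.raddr = f[i + 1];
    if (f[i] === 'rport') cand.rport = Number(f[i + 1]);
  }
  return cand;
}

// Summarise what a page collecting these candidates would learn.
function exposureReport(lines) {
  const local = new Set();
  const pub = new Set();
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.raddr].filter(Boolean)) {
      const cls = classifyAddress(addr);
      if (cls === 'public') pub.add(addr);
      else if (cls === 'private' || cls === 'link-local') local.add(addr);
    }
  }
  return { localAddresses: [...local], publicAddresses: [...pub] };
}

// In a browser this gathers real candidate lines from a STUN server (the URL is a
// placeholder); under Node there is no RTCPeerConnection, so it resolves to [].
function gatherCandidates(stunUrl = 'stun:stun.example.invalid:3478', timeoutMs = 2000) {
  return new Promise((resolve) => {
    if (typeof RTCPeerConnection === 'undefined') return resolve([]);
    const lines = [];
    const pc = new RTCPeerConnection({ iceServers: [{ urls: stunUrl }] });
    pc.createDataChannel('probe');                 // a media section is needed before gathering starts
    pc.onicecandidate = (e) => {
      if (e.candidate) lines.push(e.candidate.candidate);
      else { pc.close(); resolve(lines); }         // null candidate = gathering finished
    };
    pc.createOffer().then((offer) => pc.setLocalDescription(offer));
    setTimeout(() => { pc.close(); resolve(lines); }, timeoutMs);
  });
}

// Constructed sample of what an affected browser behind a VPN might emit.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.10 58302 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.5 58302 typ srflx raddr 192.168.1.10 rport 58302 generation 0',
  'candidate:3 1 tcp 1518280447 192.168.1.10 9 typ host tcptype active generation 0',
];

gatherCandidates().then((live) => {
  const report = exposureReport(live.length ? live : SAMPLE_CANDIDATES);
  console.log(live.length ? 'live candidates:' : 'constructed sample:', report);
});
```

Compare `publicAddresses` with the address your VPN exit shows: an address belonging to your ISP means the STUN request left the tunnel.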
HOW TO PROTECT YOURSELF
For Chrome users:
Google Chrome and other Chromium-based browser users can install the WebRTC Block extension or ScriptSafe, which both reportedly block the vulnerability.
For Firefox users:
In the case of Firefox, the only extensions that block these lookups are JavaScript-blocking extensions such as NoScript. To fix the issue, try the following steps:
  • Type about:config in the browser’s address bar and hit enter.
  • Confirm you will be careful if the prompt appears.
  • Search for media.peerconnection.enabled.
  • Double-click the preference to set it to false.
  • This turns off WebRTC in Firefox.

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents.
Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis.
The critical type confusion vulnerability, tracked as CVE-2017-11292, could lead to code execution and affects Flash Player 21.0.0.226 for major operating systems including Windows, Macintosh, Linux and Chrome OS.
Researchers say BlackOasis is the same group of attackers that was also responsible for exploiting another zero-day vulnerability (CVE-2017-8759) discovered by FireEye researchers in September 2017.
Also, the final FinSpy payload in the current attacks exploiting the Flash zero-day (CVE-2017-11292) shares the same command and control (C&C) server as the payload used with CVE-2017-8759 (a Windows .NET Framework remote code execution flaw).

So far BlackOasis has targeted victims in various countries including Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, the United Kingdom and Angola.
The newly reported Flash zero-day exploit is at least the fifth zero-day the BlackOasis group has exploited since June 2015.
The zero-day exploit is delivered through Microsoft Office documents, particularly Word, attached to a spam email; the Word file embeds an ActiveX object that contains the Flash exploit.
The exploit deploys the FinSpy commercial malware as the attack’s final payload.

“The Flash object contains an ActionScript which is responsible for extracting the exploit using a custom packer seen in other FinSpy exploits,” the Kaspersky Labs researchers say.

FinSpy is a covert surveillance tool that has previously been associated with Gamma Group, a British company that legally sells surveillance and espionage software to government agencies across the world.
FinSpy, also known as FinFisher, has extensive spying capabilities on an infected system, including secretly conducting live surveillance by turning on its webcam and microphone, recording everything the victim types on the keyboard, intercepting Skype calls, and exfiltrating files.

To get into a target’s system, FinSpy usually makes use of various attack vectors, including spear phishing, manual installation with physical access to the affected device, zero-day exploits, and watering hole attacks.

“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities,” said Anton Ivanov, lead malware analyst at Kaspersky Lab.

“Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.”

Kaspersky Lab reported the vulnerability to Adobe, and the company has addressed it with the release of Adobe Flash Player versions 27.0.0.159 and 27.0.0.130.
Just last month, ESET researchers discovered legitimate downloads of several popular apps like WhatsApp, Skype, VLC Player and WinRAR (reportedly compromised at the ISP level) that were also distributing FinSpy.
So, businesses and government organizations around the world are strongly recommended to install the update from Adobe as soon as possible.
Microsoft will also likely be releasing a security update to patch the Flash Player components used by its products.

FBI Arrests a Cyberstalker After Shady “No-Logs” VPN Provider Shared User Logs

The FBI recently arrested a cyberstalker with the help of a popular VPN service, and this case apparently exposes the company’s lies about its “no logs” policy.
Taking down cyberstalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is—“We Do Not monitor user activity nor do we keep any logs”—has literally betrayed its customers’ trust.

Is your VPN also lying to you? Well, it’s the right time to think about this twice.

It’s no secret that most VPN services—which claim to shield your Internet traffic from prying eyes, assuring you that you can surf the web anonymously—are not as secure as they claim.
In this post-Snowden era, a majority of VPN providers promise that their service is anonymous, with a no-logs policy, but honestly, there is no way you can verify this.

PureVPN Helped the FBI with Logs

A 24-year-old Massachusetts man, Ryan Lin, has been arrested in a cyberstalking case after one of the largest VPN providers, PureVPN, helped the FBI with information that linked Lin to his alleged cyber crimes.

In an FBI affidavit published last week by the US Department of Justice (DoJ), Lin is accused of stalking and harassing his housemates and former roommates online while evading local police by using various services such as Tor, VPNs and Textfree.
Lin tormented his former roommate, Jennifer Smith, for a year and a half after stealing credentials for some of her online profiles from her unlocked MacBook, along with other personal files, including photographs, from her iCloud and Google Drive accounts.
According to the affidavit, Lin released Smith’s personal details online (known as ‘doxing’), posted intimate photographs without her face suggesting they were of Smith, and emailed her private information to her contacts, including her family, relatives and colleagues.
Additionally, Lin allegedly posted fake profiles of her to websites “dedicated to prostitution, sexual fetishes, and other sexual encounters,” shared information about her medical background that she never shared with anyone, and sent “images that likely constitute child pornography” to her family and friends.

Suspect Also Made Bomb, Death and Rape Threats

What’s more, Lin often spoofed Smith’s identity to send bomb, death and rape threats to schools and individuals, which even tricked one of her friends into calling the police to her house.
To conduct all these illegal actions and hide his tracks, Lin used various privacy services: ProtonMail, VPN clients, Tor, anonymised international text messaging services and offshore private e-mail providers.
However, the suspect made a mistake by using a work computer for some of his illegal campaigns. The feds were able to recover forensic artefacts from his work computer, even though he had been terminated and the OS had been reinstalled on the computer.

In the unallocated space of the system’s hard drive, the FBI found artefacts referencing:

  • Bomb threats against local schools.
  • A username for TextNow, the anonymous texting service, which was Lin’s most-visited website.
  • Lin’s name on ProtonMail.
  • Visits by Lin to Rover.com (a pet-sitting site) and FetLife.com, both of which were used in the cyberstalking campaigns.
  • Lin repeatedly accessed his personal Gmail account.
  • He used PureVPN in the cyberstalking campaign.

How FBI Investigated the Cyberstalking Case

The FBI then managed to obtain logs from PureVPN, which linked Lin to the illegal campaigns against Smith and his other former roommates.

“Further, records from PureVPN show that the same email accounts—Lin’s Gmail account and the teleportfx Gmail account—were accessed from the same WANSecurity IP address,” the complaint reads.

And then the complaint goes on to say what would be quite worrying for those who believe VPNs are their best way to protect their activities online:

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.”

Hong Kong-based PureVPN, one of the largest and best-known VPN providers, is used by hundreds of thousands of users across the world, yet it handed over exactly the details a VPN is supposed to protect.
Lin was arrested by the authorities on October 5, and if found guilty, he faces up to 5 years in prison and up to 3 years of “supervised release,” according to the DoJ.

Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections

Visiting a website that presents an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protects web users in two ways: it uses public-key encryption to protect sensitive information, such as usernames, passwords or credit card numbers, between a user’s computer and a website, and it verifies the identity of websites.
Today hackers and cyber criminals are using every trick to steal users’ credentials and other sensitive data, including presenting fake SSL certificates on bogus websites that impersonate social media, e-commerce and financial sites.
DETECTING FAKE DIGITAL CERTIFICATES WIDELY
A group of researchers, Lin-Shung Huang, Alex Rice, Erling Ellingsen and Collin Jackson, from Carnegie Mellon University in collaboration with Facebook, have analyzed [PDF] more than 3 million SSL connections and found strong evidence that at least 6,845 (0.2%) of them were in fact tampered with using forged certificates, i.e. self-signed digital certificates that are not authorized by the legitimate website owners but will be accepted as valid by most browsers.

They used the widely supported Flash Player plug-in to enable socket functionality, implemented a partial SSL handshake of their own to capture forged certificates, and deployed this detection mechanism on an Alexa top-10 website, Facebook, which terminates connections from a diverse set of network operators across the world.
Modern web browsers generally display a warning message when they encounter errors during SSL certificate validation, but the warning page still allows users to proceed over a potentially insecure connection.

One could argue that certificate warnings are mostly caused by server misconfigurations, but according to usability surveys many users simply ignore SSL certificate warnings, and trusting forged certificates leaves them vulnerable to the simplest SSL interception attacks.
This means that a potential hacker can successfully impersonate any website, even over secure (HTTPS) connections, and perform an SSL man-in-the-middle attack in order to intercept encrypted connections.
FAKE DIGITAL CERTIFICATES SIGNED WITH STOLEN KEYS FROM ANTIVIRUS
Researchers observed that most of the forged SSL certificates use the same issuer names as legitimate certificate authorities, such as VeriSign and Comodo.
Some antivirus software, such as Bitdefender, ESET, BullGuard, Kaspersky Lab, Nordnet and DefenderPro, has the ability to intercept and scan SSL connections on clients’ systems in order to defend users from fake SSL connections. These antivirus products generate their own certificates, which would be less alarming than other self-signed digital certificates.
“One should be wary of professional attackers that might be capable of stealing the private key of the signing certificates from antivirus vendors, which may essentially allow them to spy on the antivirus users (since the antivirus root certificate would be trusted by the client),” the researchers explained. “Hypothetically, governments could also compel antivirus vendors to hand over their signing keys.”
Similar capabilities are found in various firewall, parental-control and adware products, which could be compromised by attackers to generate valid-looking but fake digital certificates.
DIGITAL CERTIFICATES GENERATED BY MALWARE
Researchers also noticed another interesting self-signed digital certificate, named ‘IopFailZeroAccessCreate’, which was generated by malware on client systems and used the same name as the trusted certificate issuer “VeriSign Class 4 Public Primary CA”.

Detection statistics show that clients infected with the malware serving the ‘IopFailZeroAccessCreate’ bogus digital certificates were spread across 45 different countries, including Mexico, Argentina and the United States.
Malware researchers at Facebook, in collaboration with the Microsoft Security Essentials team, were able to confirm these suspicions and identify the specific malware family responsible for this attack.
“These variants provide clear evidence that attackers in the wild are generating certificates with forged issuer attributes, and even increased their sophistication during the time frame of our study,” they said.
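A way to sort observed leaf certificates into the categories the study describes (pinned and expected, forged issuer name, local interception software, plain self-signed), as an added example that is not the paper's code or Facebook's deployment. The pinned fingerprint, the interception issuer names and the observations are constructed; `issuerVerified` is assumed to come from the caller checking the signature against a CA key it trusts.

```javascript
// Added example, not from the paper or from Facebook's deployment: classify an
// observed leaf certificate by comparing it with what the site is known to serve
// and with the issuer names the study saw attackers and interception software use.

// Constructed reference data; the pinned fingerprint is a placeholder, not a real value.
const PINNED_LEAF_FINGERPRINTS = new Set(['PLACEHOLDER-SHA256-OF-REAL-LEAF']);
// Legitimate CA names the study found copied into forged issuer fields.
const IMITATED_CA_NAMES = ['verisign', 'comodo'];
// Vendors the article lists as intercepting SSL on the client (name fragments, constructed).
const INTERCEPTION_ISSUERS = ['bitdefender', 'eset', 'bullguard', 'kaspersky', 'nordnet', 'defenderpro'];

// Pull the CN out of a distinguished name written either as "CN=x\nO=y" (the
// form Node's crypto.X509Certificate uses) or as "C=US, O=y, CN=x".
function commonName(dn) {
  const m = /(?:^|[\n,]\s*)CN=([^\n,]+)/.exec(dn || '');
  return m ? m[1].trim() : '';
}

// cert = { subject, issuer, fingerprint256, issuerVerified }, where issuerVerified
// says whether the signature checked out against a CA key the client trusts.
function classifyCertificate(cert) {
  const issuer = commonName(cert.issuer).toLowerCase();
  if (PINNED_LEAF_FINGERPRINTS.has(cert.fingerprint256)) return 'expected';
  // A certificate naming a well-known CA as issuer but not verifiable by that
  // CA's key is the forged-issuer pattern (the IopFailZeroAccessCreate case).
  if (!cert.issuerVerified && IMITATED_CA_NAMES.some((n) => issuer.includes(n))) return 'forged-issuer';
  if (INTERCEPTION_ISSUERS.some((n) => issuer.includes(n))) return 'local-interception';
  if (!cert.issuerVerified) return 'untrusted-self-signed';
  return 'unexpected-trusted';   // chains to a trusted CA but is not the pinned leaf: review it
}

// Adapter for a real certificate object from Node's crypto.X509Certificate;
// the caller supplies issuerVerified from x509.verify(issuerPublicKey).
function fromX509(x509, issuerVerified) {
  return { subject: x509.subject, issuer: x509.issuer, fingerprint256: x509.fingerprint256, issuerVerified };
}

// Constructed observations modelled on the article's cases.
const OBSERVED = [
  { subject: 'CN=www.facebook.com\nO=Facebook, Inc.', issuer: 'CN=Example Public CA',
    fingerprint256: 'PLACEHOLDER-SHA256-OF-REAL-LEAF', issuerVerified: true },
  { subject: 'CN=IopFailZeroAccessCreate', issuer: 'CN=VeriSign Class 4 Public Primary CA',
    fingerprint256: 'PLACEHOLDER-1', issuerVerified: false },
  { subject: 'CN=www.facebook.com', issuer: 'CN=Bitdefender Sample Personal CA',
    fingerprint256: 'PLACEHOLDER-2', issuerVerified: false },
  { subject: 'CN=www.facebook.com', issuer: 'CN=www.facebook.com',
    fingerprint256: 'PLACEHOLDER-3', issuerVerified: false },
];

// Produce one verdict per observation, keeping the names for a report.
function classifyAll(certs) {
  return certs.map((c) => ({
    subject: commonName(c.subject),
    issuer: commonName(c.issuer),
    verdict: classifyCertificate(c),
  }));
}

console.log(classifyAll(OBSERVED));
```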
DETECTION AND ATTACK MITIGATION TECHNIQUES
Attackers could also defeat Flash-based socket detection by blocking Flash socket policy traffic on port 843, or by not intercepting SSL connections made by the Flash Player, in order to bypass the detection technique used by the researchers. To counter this, websites could serve socket policy files over firewall-friendly ports (80 or 443) by multiplexing web traffic and socket policy requests on their servers.
In addition, the researchers discuss mitigation techniques in the paper, such as HTTP Strict Transport Security (HSTS), Public Key Pinning Extension for HTTP (HPKP), TLS Origin-Bound Certificates (TLS-OBC), certificate validation with notaries and DNS-based Authentication of Named Entities (DANE), which could be used by servers to enforce HTTPS and validate digital certificates.
HOW TO REMOVE MALWARE
If you are also infected by similar malware, follow the steps below to remove it:
  • Check your hosts file (C:\Windows\System32\Drivers\etc\hosts) for malicious entries.
  • Check the DNS (Domain Name System) settings on your system and DSL modem.
  • Verify your browser’s proxy settings.
  • Cross-check your installed browser add-ons.
  • Install a reputable antivirus and firewall product and scan for malicious files.

Chinese Man Jailed For Selling VPNs that Bypass Great Firewall

In an effort to continue its crackdown on VPNs, Chinese authorities have arrested a 26-year-old man for selling VPN software on the Internet.
China’s Supreme Court has sentenced Deng Jiewei from Dongguan in Guangdong province, close to Hong Kong, to nine months in prison for selling virtual private network (VPN) software through his own small independent website.

A VPN encrypts users’ Internet traffic and routes it through a distant connection so that web surfers can hide their identities and location data while accessing websites that are usually restricted or censored by a country.
Chinese citizens usually make use of VPNs to bypass the Great Firewall of China, also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country.
The project already blocked access to some 171 out of the world’s 1,000 top websites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay in the country.
But to tighten grip over the Internet and online users, the Chinese government announced a 14-month-long crackdown on VPNs in the country at the beginning of this year, requiring VPN service providers to obtain prior government approval.
The move made most VPN vendors in the country of 730 million Internet users illegal, and has now resulted in the arrest of Deng, who was convicted of “providing software and tools for invading and illegally controlling the computer information system.”

According to the court documents posted on China’s Supreme People’s Court website, Deng had been selling two VPN services on his website since October 2015, and was first detained in August last year.
Deng along with his partner Jiang Moufeng made nearly 14,000 Chinese yuan (just US$2,138) selling the VPN software, which allowed users to “visit foreign websites that could not be accessed by a mainland IP address.”
Deng has been found guilty of intrusions and “illegal control of computer information system procedures,” and has been sentenced to nine months imprisonment and fined 5,000 Chinese yuan.
Deng was actually sentenced in March this year, but the online court documents were circulated on a Chinese blog tracking social media trends in China, called What’s on Weibo, only on Sunday.
We reported in July that Apple also removed some of the popular VPN apps, including ExpressVPN and Star VPN, from its official Chinese app store in order to comply with the government crackdown that will remain in place until March 31, 2018.


Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers.
Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON.
The vulnerability (CVE-2017-9805) is a programming blunder that resides in the way Struts processes data from an untrusted source. Specifically, the Struts REST plugin fails to handle XML payloads properly while deserializing them.

All versions of Apache Struts since 2008 (from Struts 2.5 to Struts 2.5.12) are affected, leaving all web applications using the framework’s REST plugin vulnerable to remote attackers.

According to one of the security researchers at LGTM, who discovered this flaw, the Struts framework is being used by “an incredibly large number and variety of organisations,” including Lockheed Martin, Vodafone, Virgin Atlantic, and the IRS.
“On top of that, [the vulnerability] is incredibly easy for an attacker to exploit this weakness: all you need is a web browser,” Man Yue Mo, an LGTM security researcher said.
All an attacker needs to do is submit malicious XML in a particular format to trigger the vulnerability on the targeted server.
Successful exploitation of the vulnerability could allow an attacker to take full control of the affected server, eventually letting the attacker move into other systems on the same network.

Mo said this flaw is an unsafe deserialization in Java similar to a vulnerability in Apache Commons Collections, discovered by Chris Frohoff and Gabriel Lawrence in 2015, that also allowed arbitrary code execution.
Many Java applications have since been affected by multiple similar vulnerabilities in recent years.
Since this vulnerability has been patched in Struts version 2.5.13, administrators are strongly advised to upgrade their Apache Struts installation as soon as possible.
More technical details about the vulnerability and proof-of-concept have not been published by the researchers yet, giving admins enough time to upgrade their systems.

Game of Thrones and HBO — Twitter, Facebook Accounts Hacked

The Game of Thrones hacking saga continues, but this time it is HBO’s and Game of Thrones’ official Twitter and Facebook accounts that were compromised, rather than upcoming episodes.
As if the leak of episodes by hackers and the accidental airing of an upcoming episode of Game of Thrones by HBO itself were not enough, a notorious group of hackers took over the official Twitter and Facebook accounts for HBO as well as Game of Thrones on Wednesday night.

The hacker group from Saudi Arabia, dubbed OurMine, claimed responsibility for the hack, posting a message on both HBO’s official Twitter and Facebook accounts, which read: “Hi, OurMine are here, we are just testing your security, HBO team, please contact us to upgrade the security,” followed by a contact link for the group.

This message was followed by another one in which the hackers asked people to make the hashtag #HBOhacked trend on Twitter, which it did.

OurMine is the same group of hackers from Saudi Arabia that previously compromised the social media accounts of major company CEOs, including Twitter CEO Jack Dorsey, Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Brendan Iribe, CEO of the Facebook-owned virtual reality company Oculus.
In most cases, OurMine gains access to social media accounts by using credentials exposed in previous, publicly known data breaches.

However, the hacking group does not seem to ever go beyond demonstrating its ability to take over an account, without doing much damage to the accounts or the information they protect.
OurMine offers companies security against hacking, charging up to $5,000 for a “scan” of their social media accounts, site security holes, and other security vulnerabilities, and advertises its commercial services by breaking into famous accounts.

HBO managed to remove the offending tweets shortly after the hackers posted them.
Just yesterday, in a devastating blunder, HBO Spain accidentally aired Episode 6 of Game of Thrones season 7 five days prior to its official premiere.
The popular entertainment company is also facing a threat from a hacker or group of hackers who claimed to have obtained nearly 1.5 terabytes of data from HBO.
Over two weeks ago, the unknown hackers dropped episodes of “Ballers” and “Room 104,” along with a script of the fourth episode of Game of Thrones on the internet.
This leak was followed by another dump of a half-gigabyte sample of stolen data, including the company’s emails, employment agreements, balance sheets, and the script of the upcoming GOT episode, demanding a ransom—nearly $6 Million in Bitcoins.

Although it was revealed that the company offered the hackers $250,000 for extending the ransom payment deadline by one week, the proposal apparently failed to satisfy them, and they threatened to release more data every Sunday until the full ransom was paid.

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries.
Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bear hacking group.
Fancy Bear—also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and has also been accused of hacking the Democratic National Committee (DNC) and the Clinton campaign in an attempt to influence the U.S. presidential election.

The newly discovered campaign also exploits the Windows SMB vulnerability (CVE-2017-0143) using the exploit called EternalBlue, one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April.
EternalBlue exploits a flaw in version 1 of Windows’ Server Message Block (SMB) networking protocol to spread laterally across networks; it also allowed the WannaCry and Petya ransomware to spread across the world quickly.
Since the EternalBlue code is available for anyone to use, cyber criminals are widely trying to use the exploit to make their malware more powerful.
Just last week, a new version of credential stealing TrickBot banking Trojan was found leveraging SMB to spread locally across networks, though the trojan was not leveraging EternalBlue at that time.
However, researchers have now found someone deploying the exploit to upgrade their attack.

“To spread through the hospitality company’s network, APT28 used a version of the EternalBlue SMB exploit,” FireEye researchers write. “This is the first time we have seen APT28 incorporate this exploit into their intrusions.”

Researchers have seen ongoing attacks targeting a number of companies in the hospitality sector, including hotels in at least seven countries in Europe and one Middle Eastern country.

Here’s How the Attack is Carried Out

The attacks began with a spear phishing email sent to one of the hotel employees. The email contains a malicious document named “Hotel_Reservation_Form.doc,” which uses macros to decode and deploy GameFish, malware known to be used by .
Once installed on the targeted hotel’s network, GameFish uses the EternalBlue SMB exploit to laterally spread across the hotel network and find systems that control both guest and internal Wi-Fi networks.

Once under control, the malware deploys Responder, an open source penetration testing tool created by Laurent Gaffie of SpiderLabs, for NetBIOS Name Service (NBT-NS) poisoning in order to steal credentials sent over the wireless network.

While the hacking group carried out the attack against the hotel network, researchers believe that the group could also directly target “hotel guests of interest”—generally business and government personnel who travel in a foreign country.
The researchers revealed one such incident in 2016 in which Fancy Bear accessed the computer and Outlook Web Access (OWA) account of a guest staying at a hotel in Europe, 12 hours after the victim connected to the hotel’s Wi-Fi network.
This is not the only attack apparently aimed at hotel guests. The South Korea-nexus Fallout Team (also known as DarkHotel) has previously carried out such attacks against Asian hotels to steal information from senior executives of large global companies during their business trips.
Duqu 2.0 malware was also found targeting the Wi-Fi networks of European hotels used by participants in the Iranian nuclear negotiations, and high-profile people visiting Russia and China may have their laptops and other electronic devices accessed.
The easiest way to protect yourself is to avoid connecting to hotel Wi-Fi networks or any other public or untrusted networks, and instead, use your mobile device hotspot to get access to the Internet.

Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users

For the past few years, spammers and cyber criminals have been buying web extensions from their developers and then updating them, without informing their users, to inject bulk advertisements into every website a user visits in order to generate large revenue.
But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing attacks aimed at hijacking popular browser extensions.
Just two days ago, we reported how cyber criminals managed to compromise the Chrome Web Store account of a German developer team and hijacked Copyfish extension, and then modified it with ad-injection capabilities to distribute spam correspondence to users.
Now, just yesterday, another popular Chrome extension, ‘Web Developer’, was hijacked by unknown attackers, who updated the software to inject advertisements directly into the web browsers of its more than 1 million users.
Chris Pederick, the creator of Web Developer Chrome extension that offers various web development tools to its users, alerted late Wednesday that some unknown hackers apparently phished his Google account, updated the extension to version 0.4.9, and pushed it out to its 1,044,000 users.
In both cases, cyber criminals first used phishing to gain access to the developers’ Google accounts, hijacked their respective extensions and then updated the extensions to perform malicious tasks.
However, the Firefox versions of both extensions were unaffected.
According to the developer, the malicious software build fetched JavaScript code from the web and ran it within users’ web browsers to forcibly inject advertisements on web pages.
An extension like this has access to almost everything that happens in a user’s browser: it can read all website content, intercept traffic, sniff keystrokes, or perform almost any task one can imagine.
So, hijacking the Web Developer extension could be a nightmare for users—especially for those who are professional designers and access their official accounts (website, hosting, or email) using the same browser.
Pederick said version 0.4.9 of the software might have done worse, but within five to six hours of its compromise, he came to know of the malicious build, pulled it down from the Chrome store, and fixed the extension about an hour later.
However, the compromised code would have allowed the miscreants to make a sizable commission from the advertisements during the few hours the malicious JavaScript was active.
Web Developer users are strongly recommended to update their extension to version 0.5 immediately.
Users should also consider changing their passwords for all web accounts, and invalidating the login tokens and cookies used on websites they visited while using the infected extension.

Security Vulnerability Management Enhances Cyber Security Defense for Businesses

Over the last several years, the number and magnitude of cyber security breaches has steadily increased. To date, numerous institutions, big and small, both private and public, have disclosed that databases containing customer identities and other private information have been exposed and compromised.

Yet there is hope for organizations and their employees alike, in the form of sophisticated cyber defense tools, security safeguards and solutions. There are numerous strategies and tools currently available that can create friction for hackers and discourage those who would attempt to breach security.

Frost & Sullivan’s latest article, “Leveraging Vulnerability Management for Enhanced Security,” discusses how security is becoming more complex, requiring sophisticated processes and approaches such as Vulnerability Management (VM). The article reveals that North America accounted for the most VM sales, 76.8 percent, in 2016. By 2021, that share will increase to 77.8 percent.

“The importance of vulnerability assessment scanning cannot be overstated. The best cyber security posture is not threat incident detection and response, nor is it other threat mitigation techniques.” noted Frost & Sullivan Network Security Industry Analyst Christopher Kissel. “The best threat response is prevention.”

There are many challenges related to the accuracy of data and measurement in dynamic network environments. Accuracy is very important with VM and the sharing of the data obtained. One particular challenge involves scan-to-scan host correlation.

To start, there are many different scanning technologies to choose from. Often, organizations will use a technique known as unauthenticated network scanning, where the scanner is remote to the devices, sends out network probes and draws its conclusions from the device responses. This technique allows for the scanning of devices and open ports and can highlight configuration issues and other vulnerabilities.

“VM tools must be easy and intuitive to use and in the case of smaller and mid-sized companies, there has to be a mechanism where VM tools can be integrated into every day IT workflow,” continued Kissel. “For example, the fundamental strength of Digital Defense, Inc.’s VM solution is that it accurately tracks the host controls in a network, and as such, the host environment is understood, and the chance for the false positives from scan data from endpoints is greatly diminished.”