Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
#1
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.

In early January, Colin McMillen, the lead developer at SemiColin Games, tweeted a warning about a popular Google Chrome extension, The Great Suspender. The utility came under fire after McMillen learned the developer sold it to a third party that silently released a version that could spy on a user's browsing habits, inject ads into websites, or even download sensitive data.

After a community outcry, the new owner removed the offending code. Now aware of the change of ownership and breach of trust, many savvy users removed the extension.

Even so, The Great Suspender remained available in the Chrome Web Store until Feb. 3, when Google finally pulled the plug. Many of the extension's 2 million users found out when they received a warning that simply stated, "This extension may be dangerous. The Great Suspender has been disabled because it contains malware."

While Google eventually set things right, it took too long. McMillen's tweet shone a bright light on this in January, but comments on the extension's issue tracker indicate users reported the problem to Google as early as October 2020. This left Chrome users in a potentially vulnerable position for over three months.

How Personal Computers Put Work Devices at Risk
Sometimes, Google Chrome extensions installed on personal computers are automatically installed and synchronized to work devices. This brings their problems into the security team's purview, which then must make difficult decisions because:

The risks associated with running suspicious extensions like The Great Suspender usually impact the employee, not the company, more.
Before the extension was banned in February, end users had no official indication the extension was potentially malicious.
Despite the risks associated with the extension, users intentionally installed it and, presumably, were happily using it.


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  61 percent of employees fail basic cybersecurity quiz Bjyda 0 1,090 04-13-2021 , 05:06 PM
Last Post: Bjyda
  Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws Bjyda 0 1,077 03-28-2021 , 12:06 PM
Last Post: Bjyda
  Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits tarekma7 0 1,227 03-12-2021 , 04:13 PM
Last Post: tarekma7
  Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs mrtrout 0 1,114 11-23-2020 , 12:48 AM
Last Post: mrtrout
  Chinese APT10 hackers use Zerologon exploits against Japanese orgs mrtrout 0 1,001 11-18-2020 , 10:50 PM
Last Post: mrtrout



Users browsing this thread: 2 Guest(s)