Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Hijacked MEGA Chrome Extension
- This topic has 0 replies, 1 voice, and was last updated 2 years, 7 months ago by .
-
Topic
-
Big news for anyone who uses Chrome and MEGA.nz for their cloud storage! For the savvy security people, the use of extensions and add-ons are something they are cognizance of while downloading and possibly editing app codes before installing. However, this should be a wakeup call for the normal everyday user who thinks little of security and puts faith into Google for their apps.
Third party extensions do not get thoroughly reviewed before being added to Google’s webstore. The hacking of the MEGA extension (version 3.39.4) involves a trojan that request auto updates and elevated permissions. This breach makes me wonder how to distinguish what updates my system really needs. How is the average person to know what to do? Was always under the assumption to get the most recent updates, as they have the patches required to combat bugs in the system. So, is the only warning due to the elevated permissions…and do most people just hit accept without reading what they are accepting?
9.4.2018 – https://mega.nz/blog_47
9.3.2018 – https://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html
Swati Khandelwal (accessed 9.8.18)Sept 18 – https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/ (accessed 9.8.18)
You must be logged in to reply to this topic.