Data Security News Headlines 17th August 2017

  1. 8 More Chrome Extensions Hijacked to Target 4.8 Million Users

Extensions are Small programs that add new features to your browser and personalize your browsing experience. According to a latest report, Google’s Chrome web browser Extensions are under attack with a series of developers being hacked within last one month. Two weeks ago, it was reported about how unknown attackers managed to compromise the Chrome Web Store account of a developer team and hijacked Copyfish extension, and then modified it to distribute spam correspondence to users. Just after that incident, some unknown attackers then hijacked another popular extension ‘Web Developer’ and then updated it to directly inject advertisements into the web browser of over its 1 million users. Once the attackers gained access to the accounts, either they hijacked their respective extensions and then modified them to perform malicious tasks, or added malicious Javascript code to them in an attempt to hijack traffic and expose users to fake ads and password theft in order to generate revenue. In all the above cases, some unknown attackers first gained access to the developers’ Google web accounts by sending out phishing emails with malicious links to steal account credentials. According to the latest report published by the researchers at Proofpoint on Monday, compromised Chrome Extensions are as below:

  • Chrometana (1.1.3)
  • Infinity New Tab (3.12.3)
  • CopyFish (2.8.5)
  • Web Paint (1.2.1)
  • Social Fixer (20.1.1)

Cyber Security Tips: Users are strongly recommended that avoid uninstalled the listed chrome extensions from your browser, change your passwords, clear your browsing data and avoid to open any malicious links and document.

  1. Backdoor Found in Popular Server Management Software used by Hundreds of Companies

Server management software’s are used by various organization to manage their servers. According to a latest report backdoor has been found in popular server management software.  Dubbed ShadowPad is the secret backdoor which allows attackers complete control over networks hidden behind legit cryptographically signed software sold by NetSarang—used by hundreds of banks, media firms, energy companies, and pharmaceutical firms, telecommunication providers, transportation and logistics and other industries for 17 days starting last month. According to researchers at Kaspersky Labs, who discovered this well-hidden backdoor, someone managed to hijack the NetSarang’s update mechanism and silently insert the backdoor in the software update, so that the malicious code would silently deliver to all of its clients with NetSarang’s legitimate signed certificate. The activation of the backdoor was eventually triggered by a specially crafted DNS TXT record for a specific domain name. Once triggered, the command and control DNS server in return sends back the decryption key which is downloaded by the software for the next stage of the code, effectively activating the backdoor. Once activated, the ShadowPad backdoor provides a full backdoor for an attacker to download and run arbitrary code, create processes, and maintain a virtual file system (VFS) in the registry, which is encrypted and stored in locations unique to each victim. The affected NetSarang’s software packages are:

  • Xmanager Enterprise 5.0 Build 1232
  • Xmanager 5.0 Build 1045
  • Xshell 5.0 Build 1322
  • Xftp 5.0 Build 1218
  • Xlpd 5.0 Build 1220

Cyber Security Tips: Users are strongly recommended that stop using this product until you update them. Make sure that the following domains should be blocked.

  • ribotqtonut[.]com
  • nylalobghyhirgh[.]com
  • jkvmdmjyfcvkf[.]com
  • bafyvoruzgjitwr[.]com
  • xmponmzmxkxkh[.]com
  • tczafklirkl[.]com
  • notped[.]com
  • dnsgogle[.]com
  • operatingbox[.]com
  • paniesx[.]com
  • techniciantext[.]com

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: