Venture Capital ✔

❕ Cyber firm’s Chrome extension hijacked to steal user passwords

Cyberhaven, a data-loss prevention startup, reported that hackers hijacked its account to publish a malicious update to its Chrome extension, which could steal user passwords and session tokens. This incident, occurring on December 25, is suspected to be a supply-chain attack. Cyberhaven confirmed the breach and removed the compromised extension from the Chrome Web Store soon after detecting the attack.

They advised affected customers to revoke and rotate all passwords and review logs for any malicious activity. The company is cooperating with federal law enforcement and has engaged an incident response firm, Mandiant, to investigate the breach. It appears that this attack may be part of a larger campaign targeting multiple Chrome extension developers.

💬 Source

📌 Powered by V3V Ventures

Please open Telegram to view this post

VIEW IN TELEGRAM

www.tg-me.com/us/telegram/com.venture_tg/5027

31.9K viewsDec 28, 2024 at 07:42

❕ Cyber firm’s Chrome extension hijacked to steal user passwords

Cyberhaven, a data-loss prevention startup, reported that hackers hijacked its account to publish a malicious update to its Chrome extension, which could steal user passwords and session tokens. This incident, occurring on December 25, is suspected to be a supply-chain attack. Cyberhaven confirmed the breach and removed the compromised extension from the Chrome Web Store soon after detecting the attack.

They advised affected customers to revoke and rotate all passwords and review logs for any malicious activity. The company is cooperating with federal law enforcement and has engaged an incident response firm, Mandiant, to investigate the breach. It appears that this attack may be part of a larger campaign targeting multiple Chrome extension developers.

💬 Source

📌 Powered by V3V Ventures