
Report Reveals Serious Security Issues in Common Browser Extensions

Modern digital workflows depend increasingly on browser extensions, which support tasks ranging from grammar correction and password management to advanced AI integrations. Extensions are widely used across both personal and corporate environments, yet they remain among the most overlooked cybersecurity risk vectors.

Although end users continue to enjoy the convenience these tools offer, many IT and security professionals are unaware of the significant threats posed by the excessive permissions granted to extensions, which in many cases can expose sensitive organizational data and compromise enterprise systems.

In its Enterprise Browser Extension Security Report for 2025, LayerX Security, a leading authority in browser extension security and management, offers comprehensive insight into how extensions are used and governed. For the first time, the report combines real-world enterprise telemetry from LayerX's extensive customer base with publicly available data from the major browser extension marketplaces to produce an analysis grounded in actual enterprise usage.

Merging these two data streams and analysing them through a cybersecurity lens gives the report a unique perspective: a comprehensive understanding of how browser extensions are used within enterprise environments, how the employees who use them behave, and the often-overlooked risks associated with them.

Using this research, the report examines the permissions commonly requested by extensions, identifies high-risk extensions currently in use, and pinpoints critical security blind spots where organisations may be vulnerable to data leaks, unauthorised access, or malware infiltration. Unlike traditional studies, which have focused primarily on public metrics and hypothetical threat models, it presents a data-driven assessment of actual enterprise behaviour and extension usage patterns.

Using this report, organisations can better understand critical security gaps and blind spots, and see the danger of overly permissive extensions, which can lead to data leakage, unauthorised access, and third-party vulnerabilities. LayerX, a cloud-based threat management platform that combines internal usage data with external ecosystem data, provides unprecedented insight into a threat landscape that has long stayed under the radar of many security and IT professionals.

Browser extensions enhance browser functionality in many ways, including blocking ads, managing passwords, and customising user interfaces, but they can also make users' browsers more vulnerable. While many extensions offer legitimate productivity and usability benefits, not every extension is built with user safety in mind, and a growing number are created with malicious intent.

Such extensions seek to steal sensitive data, monitor user activity, insert unauthorised advertisements, or, in severe cases, take full control of the browser. The Enterprise Browser Extension Security Report 2025 sheds light on the scope of this neglected risk by highlighting that extensions, by their very nature, often require extensive permissions that attackers can easily exploit. With this in mind, the report calls for an entirely new paradigm in how organisations manage browser extensions across their networks.

IT and security teams are encouraged to adopt a proactive, policy-driven approach to overseeing extensions across enterprise endpoints. This begins with a thorough audit of every extension deployed across all enterprise systems. An extensive inventory allows organisations to classify extensions by function, determine their permission levels, assess developer credibility, and monitor update patterns in order to judge how trustworthy each extension is.

With this information, organisations can develop a risk-based enforcement strategy that flags, restricts, or blocks high-risk or suspicious extensions without impacting user productivity. A key point in the report is that adaptive security frameworks are imperative because they can respond dynamically to evolving threats in the browser ecosystem. With attacks increasingly using browser extensions as delivery mechanisms for malware or data exfiltration, these measures are not just advisable; they are essential.

Organisations can no longer afford to treat browser extensions as a secondary concern. Because malicious or compromised extensions can silently bypass traditional perimeter defences, they are a critical threat vector that requires continuous visibility, contextual risk assessment and strategic controls to be managed effectively.

In the past, "man-in-the-browser" attacks relied primarily on malware that manipulated browser memory by identifying certain HTML patterns and injecting `<script>` tags directly into the content of in-memory web pages. Despite their undeniably malicious nature, these methods were largely constrained by the browser's native security architecture.

Because the injected scripts ran in a sandboxed environment, were subject to the same-origin policy, and lived only as long as the page they were inserted into, they were restricted in their ability to access cross-site data, persist beyond the session, or execute outside the target page. Modern threat actors are increasingly turning to malicious browser extensions to circumvent these limitations.

Unlike traditional web-based malware, browser extensions are installed components that are independent of any individual web page. Within a browser session they have elevated and persistent access, allowing them to run continuously in the background even when no tab is open.

With these elevated privileges, malicious extensions can bypass same-origin constraints, intercept or modify information from multiple websites, access and store cookies across domains, and exert ongoing control over the browsing environment without immediate detection. A further critical change in this evolution concerns the JavaScript execution context.

Traditional injections execute in the same context as legitimate web application scripts and security tools, leaving behind detectable artefacts such as DOM elements, JavaScript variables, and suspicious network requests. Extensions, by contrast, execute in a separate and often more privileged context. Because their activity is separated from the page, conventional security tools that monitor in-page activity are less likely to discover it, making it easier for attackers to conceal their presence and sustain longer dwell times within compromised environments. With their advanced capabilities and stealth, malicious browser extensions mark a significant change in the threat landscape and have become powerful weapons for cyber adversaries.

Modern enterprises that want to maintain robust browser-level security must understand and mitigate these risks. In addition to showing the scale and complexity of the browser extension threat landscape in 2025, the Enterprise Browser Extension Security Report 2025 provides an actionable framework for mitigating the risks that arise from it.

Beyond diagnostics, LayerX offers a clear, strategic roadmap to help enterprises move from a fragmented and unmonitored extension environment to one that is governed, structured, and secure. The guidance centres on five core recommendations that security teams can use to implement effective, scalable measures to protect their data.

1. Establish a Comprehensive Extension Inventory 

Visibility is the foundation of any meaningful browser extension security strategy, so organizations should establish a comprehensive inventory of all extensions installed across every managed device. Using browser management APIs and endpoint management platforms, IT teams can track both officially installed extensions and sideloaded components.

To enforce policy effectively, this dataset must capture key metadata such as extension IDs and versions, installation sources, publisher credentials, requested permissions, and installation timestamps. It serves as the basis for all subsequent analysis and enforcement actions.

2. Classify Extensions by Functionality and Risk Category 

Once an organisation has established an inventory of extensions, it should categorise them by core functionality, for example whether they enhance productivity, integrate AI, support developers, or handle media. These functional categories should then be aligned with predefined risk categories.

Extensions with GenAI or data scraping capabilities, for example, may require elevated access and should be examined more closely, whereas extensions whose capabilities are restricted to interface customisation might pose a much lower threat. By categorising extensions by function, security teams can prioritise oversight efforts and direct resources accordingly.

3. Deep Dive into Permission Scopes and Access Levels

For security teams to understand the potential impact of each extension, it is vital to analyse the permission set it requests. Teams should pay close attention to permissions categorised as high-sensitivity, such as the ability to read and change all data on every website a user visits, to access browsing history, and to manage downloads. Less well-known but equally risky scopes are "nativeMessaging" and "cookies". A permissions-to-impact matrix is a useful way for organisations to map technical access to real-world risk scenarios such as session hijacking, data exfiltration, or tampering with web requests.

4. Conduct a Holistic Risk Assessment for Each Extension 

A well-rounded risk assessment should consider contextual factors alongside technical ones, including the legitimacy of the publisher, the age of the extension, its update frequency, user adoption patterns, and its extension store rating.

From these elements, a weighted risk score can be computed for each extension, highlighting high-risk entries that combine powerful permissions with questionable provenance or widespread deployment. Automated tools and dynamic dashboards make it possible to identify and prioritise emerging threats in real time, allowing a swift response.

5. Enforce Adaptive, Risk-Based Policies Across the Organisation 

Instead of relying on rigid allowlists or denylists, organisations should develop flexible, risk-aware policies tailored to the needs of different user groups, business units, or levels of data sensitivity. A low-risk productivity extension could be approved automatically, while a high-risk or unverified extension may require manual approval or be restricted to an isolated developer environment.

Automated enforcement actions such as real-time alerts, forced uninstallations, or access revocations can maintain compliance as new extensions are installed and existing ones are updated. As browser extensions become ever more prevalent across enterprise environments, there is growing recognition that the risks they pose can no longer be treated as secondary.
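As an added example (not LayerX's tooling or scoring model), the following Python script runs the five recommendations above as one pipeline over a constructed inventory: it maps each extension's requested scopes to the impact scenarios of step 3, folds in the contextual factors of step 4, and derives the risk-based policy decision of step 5. The permission names are real Chrome manifest scopes; the weights, thresholds, and sample extensions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Permissions-to-impact matrix (step 3): Chrome manifest scope -> (weight, real-world risk).
# The scope names are real Chrome permissions; the weights are assumed for illustration.
PERMISSION_IMPACT = {
    "<all_urls>": (5, "read and change all data on every site: data exfiltration"),
    "cookies": (4, "cross-domain cookie access: session hijacking"),
    "nativeMessaging": (4, "messaging with native host apps: reach beyond the browser"),
    "webRequestBlocking": (3, "modify or block requests: tampering with web requests"),
    "history": (2, "browsing history: user profiling"),
    "downloads": (2, "manage downloads: malware delivery"),
}

@dataclass
class Extension:  # one inventory record (step 1) plus the contextual factors of step 4
    ext_id: str
    name: str
    permissions: List[str]
    host_permissions: List[str]
    publisher_verified: bool
    age_days: int
    days_since_update: int
    store_rating: float   # 0.0 to 5.0
    install_count: int    # managed devices with the extension installed

def assess(ext: Extension) -> Tuple[int, List[str]]:
    """Steps 3-4: map scopes to impact scenarios and compute a weighted risk score."""
    scopes = set(ext.permissions)
    if any(h == "<all_urls>" or h.startswith("*://*/") for h in ext.host_permissions):
        scopes.add("<all_urls>")  # a broad host pattern is as powerful as <all_urls>
    hits = [PERMISSION_IMPACT[s] for s in sorted(scopes) if s in PERMISSION_IMPACT]
    score = sum(weight for weight, _ in hits)
    context = [
        (not ext.publisher_verified, 3),    # questionable provenance
        (ext.age_days < 90, 2),             # brand-new listing, no track record
        (ext.days_since_update > 365, 2),   # stale: abandoned or unpatched
        (ext.store_rating < 3.0, 1),        # poor store rating
    ]
    score += sum(weight for hit, weight in context if hit)
    if ext.install_count >= 500 and score >= 5:
        score += 2  # powerful permissions amplified by widespread deployment
    return score, [risk for _, risk in hits]

def policy_decision(score: int) -> str:
    """Step 5: risk-aware policy (assumed thresholds) instead of a static allow/deny list."""
    return "allow" if score <= 3 else "review" if score <= 9 else "block"

def triage(inventory: List[Extension]) -> List[dict]:
    """Rank the inventory by risk, highest first, with each extension's decision and findings."""
    rows = []
    for ext in inventory:
        score, findings = assess(ext)
        rows.append({"id": ext.ext_id, "name": ext.name, "score": score,
                     "decision": policy_decision(score), "findings": findings})
    return sorted(rows, key=lambda row: row["score"], reverse=True)

# Constructed sample inventory; the IDs are placeholders, not real Web Store IDs.
SAMPLE_INVENTORY = [
    Extension("ext-placeholder-001", "Grammar Helper", ["activeTab", "storage"], [],
              True, 900, 30, 4.6, 1200),
    Extension("ext-placeholder-002", "AI Page Summariser", ["cookies", "webRequestBlocking"],
              ["<all_urls>"], False, 40, 10, 4.1, 800),
    Extension("ext-placeholder-003", "Download Manager", ["downloads", "history"], [],
              True, 1500, 600, 3.5, 50),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row["decision"], row["score"], row["name"], row["findings"])
```

In a real deployment the `Extension` records would be populated from the browser management API or endpoint management platform rather than constructed inline, and the "review" tier is where the manual-approval or isolated-environment handling described above applies.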

The LayerX report is both a call to action and a blueprint for organizations to move from passive tolerance to active governance. By adopting a data-driven, structured approach to browser extension security, enterprises can reduce their exposure to vulnerabilities while preserving the productivity gains that extensions were designed to deliver.

2.7 Billion Data Records Leaked Including Social Security Numbers

About four months ago, a prominent hacking group claimed to have stolen a large amount of sensitive personal information from a major data broker; now a member of that group has reportedly released most of it for free on an online marketplace where stolen personal information is sold.

A breach of sensitive data, including Social Security numbers and other personal information of Americans, could have a transnational impact on identity theft, fraud and other crimes, said Teresa Murray, director of consumer advocacy for the U.S. Public Information Research Group. Nearly 2.7 billion personal information records belonging to Americans, including names, addresses and even Social Security numbers, have been exposed on an online hacking forum.

Social Security numbers were among the information posted to the forum. The data originated from a company that collected and sold it for legitimate purposes; in April 2024, it is claimed, the data was stolen and offered for sale. The investigation reportedly found that the information had been taken from National Public Data by a threat actor called USDoD.

By scraping information from public sources, National Public Data compiles individual profiles that are then used to create portfolios of individual properties, which are marketed to consumers. Besides serving private investigators, the company provides background checks and criminal record searches to a variety of government agencies and organizations.

The data, including names, addresses, and even Social Security numbers, was reportedly scraped by National Public Data, a database scraping company. Earlier this year, Jericho Pictures Inc., the operator of National Public Data, was named in a court case in the Southern District of Florida regarding the data.

As Bloomberg Law reports, plaintiff Christopher Hofmann brought a claim against Jericho Pictures over a violation of data privacy and the company's gross negligence regarding sensitive personal information. Hofmann also argues that the method National Public Data uses to assemble data is not open to the public and, as a result, not approved by the people whose data is gathered.

Jericho Pictures and National Public Data have yet to comment on the massive data breach, which affected more than 2.7 billion people, and it remains uncertain whether they will purge or encrypt their existing data to avoid further damage to their reputations. A user known as Fenice has flooded a hacker forum with the purloined files; Fenice's upload, released for free, is a much more complete version of the data from previous leaks.

Fenice attributes the leak of National Public Data's information to another hacker, SXUL, rather than to USDoD, the prominent hacker originally suspected of leaking it. It is worth noting that when USDoD first acquired the data, it offered to sell it for 3.5 million dollars.

According to the hacker, the compromised database contained 2.9 billion records on millions of people in Canada, the United Kingdom, and the United States. USDoD has attracted attention ever since it was linked to an alleged attempt by two individuals to sell InfraGard's user database for $50,000 in December 2023. Since then, various threat actors have released partial copies of the data, with each leak containing a different number of records and, in some cases, different data types from the previous one.

On August 6th, an individual identified as "Fenice" leaked the most complete version of the stolen National Public Data data free of charge on the Breached hacking forum. Fenice, however, attributed the breach to another threat actor, "SXUL", rather than USDoD. The data may also be outdated: none of the people checked had a current address listed, suggesting it was taken from an old backup.

Jericho Pictures, which is believed to operate under the name National Public Data, has been sued numerous times for failing to adequately protect people's personal information as a result of the breach. Because the data contains a huge number of Social Security numbers, users should monitor their credit reports for signs of fraudulent activity and report any to the appropriate credit bureau.

Since previously leaked samples also contain phone numbers and email addresses, users must remain vigilant against phishing e-mails and SMS texts that attempt to extract additional sensitive information. Christopher Hofmann, the named plaintiff, reported that on July 24 his identity theft protection service provider informed him that his personal information had been compromised.

According to the notification, the breach occurred as a direct result of the security incident involving the website "nationalpublicdata.com." It was further disclosed that Hofmann's data had been published on the dark web, highlighting the serious nature of the breach and its potential implications for those affected.

Saltzer Health Says Patient Data Exposed in Cyberattack

Saltzer Health, an Intermountain Healthcare company, has recently suffered a cyberattack. The company has begun alerting its employees and patients about the breach, informing them that their protected health information may have been compromised following a hack on a connected third party.

According to available information, the company operates 12 clinics and urgent care facilities in Boise, Caldwell, Meridian, and Nampa, Idaho. Following its investigation of the attack, the company issued a statement saying that attackers had access to an employee email account between May 25 and June 1, 2021.

The investigation also found that the email account contained personal data that was exposed during the period of unauthorized access. Compromised data includes names, contact details, driver's license numbers, and state identification numbers, and, in some cases, Social Security numbers and financial account details.

Compromised medical information includes medical history, diagnoses, treatment details, physician information, prescription medication information, and health insurance information. All impacted individuals will receive two years of identity theft detection and resolution services.

While the company did not issue any statement on the number of affected personnel, the company told the U.S. Department of Health and Human Services that 15,650 individuals’ data was potentially compromised during the hack. 

The company said it has taken steps to mitigate the risk of data theft, including resetting the affected email accounts' passwords and monitoring its systems for suspicious activity.

“Saltzer Health encourages all individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity,” the organization says.

Here's Why You Should Not Rely on a VPN Anymore

Virtual private networks (VPNs) are still used by millions of people to hide their activity on the internet by masking their location and encrypting their web traffic. Over time, advances in technology have changed the cybersecurity landscape: the widespread use of encryption has made public internet connections far less of a security threat, cybersecurity experts say.

Cybercriminals are less interested in attacking individual devices and instead focus on the login credentials for people's most important accounts, experts said. For years, cybercrime experts urged people not to use Wi-Fi hotspots in public places like coffee shops and stations without taking steps to obscure their internet traffic. Sharing a Wi-Fi network with a stranger essentially means sharing all your traffic with them. If someone checks their bank balance on such a network, for instance, they give a nearby hacker an opportunity to steal important data.

For decades, VPNs offered a safety net for this problem. A VPN lets users browse the internet with enhanced security and privacy: it reroutes their traffic through the provider's own servers, making browsing more secure and private, and helps keep them safe on public Wi-Fi connections. That can slow browsing, but it hides the user's Internet Protocol address and allows access to more internet sources.

However, most browsers now implement HTTPS, an extra layer of security that automatically encrypts internet traffic. Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol used for sending data between a web browser and a website. HTTPS encrypts the connection to protect data in transit, which matters most when a user transmits sensitive data, for example by logging into a bank account or email service.

More and more websites, such as Google, offer HTTPS connections, and browsers such as Brave, Chrome, Firefox, Safari, and Edge support them.

“Most commercial VPNs are snake oil from a security standpoint,” said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. “They don’t improve your security at all...” 

“…Remember, someone attacking you at the coffee shop needs to be basically AT the coffee shop. I don’t know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS,” he added.