ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES

Google Chrome: Beware these malicious extensions that record everything you do | #Droidclub #SessionReplay #CyberThreats

Google has removed 89 malicious extensions from the Chrome Web Store that have been installed on over 420,000 browsers, turning them into Monero-mining slaves and loading a tool to record and replay what their owners do on every website they visit.

Researchers at Trend Micro dubbed the family of malicious extensions Droidclub and discovered they included a software library with so-called "session-replay scripts" used by online analytics firms.

Princeton's Center for Information Technology in November drew attention to the increasing use of session-replay scripts by third-party analytics firms on high-traffic websites.

The study looked at replay services from Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam, which were found on nearly 500 popular sites.

The scripts allow a site owner to essentially shoulder-surf their visitors by recording and replaying your "keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit".

But instead of allowing a site owner to record and play back what users do on one site, Droidclub extensions allow the attacker to see what victims do on every single site they visit.

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberespionage
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy
https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Session-Replay+Scripts


State of the Union: Cyberthreat

President Obama signed a cybersecurity executive order yesterday. Our own David Gewirtz, one of America's leading cybersecurity experts, explains why Mr. Obama didn't go far enough.
Gust MEES's insight:

Wait and see what the next steps will be...

A cryptojacking attack hit thousands of websites, including government ones | #CyberSecurity #CryptoCurrency #CyberThreats 

A cryptojacking attack hit thousands of websites, including government ones.


Surreptitious mining of cryptocurrency by hackers is spreading very, very fast.

The news: Over 4,000 websites, including those of the US federal judiciary and the UK National Health Service, have been weaponized by hackers to mine the cryptocurrency Monero on their behalf.

How it worked: Hackers injected malware into a widely used plug-in called Browsealoud that reads web pages out loud as a way of helping partially sighted people navigate the internet. The malware is based on the popular app Coinhive, a piece of software that uses processing power on someone’s device to mine cryptocurrency. The malicious version of the app does this without people's knowledge, coopting their computing power to enrich hackers.

Why it matters: Cryptojacking is rapidly becoming one of the world’s biggest cyberthreats. This news shows how easy it is for crooks to spread the trick, by infecting a single product used across multiple sites with a single hack.

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Coinhive
https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
https://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptojacking


Take cyberthreats seriously, says counterterrorism expert

Cofer Black warns that government officials shouldn't dismiss warnings of imminent cyberattacks.