A new geological study reshapes the timeline of a major tectonic collision that helped form the Andes, suggesting key events occurred earlier than long assumed.
Get the latest international news and world events from around the world.
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.
According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt – and have collectively amassed about 20,000 installs in the Chrome Web Store.
“All 108 route stolen credentials, user identities, and browsing data to servers controlled by the same operator,” security researcher Kush Pandya said in an analysis.
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data.
The company’s Chief Security Officer, Nick Percoco, stated that the incident did not put client funds at risk and involved an insider threat, with two instances of improper access to limited customer data by support employees.
Kraken says that it will not pay or negotiate with the threat actor.
Over 100 Chrome Web Store extensions steal user accounts, data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud.
Researchers at application security company Socket discovered that the malicious extensions are part of a coordinated campaign that uses the same command-and-control (C2) infrastructure.
The threat actor published the extensions under five distinct publisher identities in multiple categories: Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, a text translation tool, and utilities.