Category Archives: Security

Chrome Extension Hijacked

Over 1 million Chrome users have been exposed to a hijacked extension called Web Developer allowing cyber criminals the ability to directly inject malicious JavaScript code to serve up advertisements to anyone using the extension. The plugin has access to sensitive information, such as passwords and pretty much anything used by the browser itself. Anyone using he affected 0.4.9 version of the extension is urged to upgrade to 0.5 as soon as possible. It is also advised to change any passwords of accounts which may of been compromised due to using the affected extension.

XP you have been retired, well almost

XPI felt it only fitting seeing as everyone else in the ether is talking about the demise of Windows XP to chime in on the subject. As I am sure you are aware after the 8th April 2014 Microsoft XP is officially end of life and will no longer be updated with new security updates or support. However the ageing operating system will be granted one last reprieve in terms of anti-malware updates to both it signatures and engine.

Microsoft are attempting to encourage as many as possible to leave the ageing operating system and move to its latest and greatest flagship products to avoid the risk of infection and security woes. It would appear XP has been down this road a few times, but it really does look like this is the final encore – come April 2015  big brother wants you off your XP addiction for good !.

Read the official Microsoft statement here.

WhatsUp or is that WhatsApp ?

whatsappBeware, WhatsApp looks to be the target of yet another cyber scam this time pertaining to be the popular mobile messaging application WhatsApp.

For those who do not know what WhatsApp is, it is an application which first came to users pre-dating iMessage, and offered a simple effective cross platform messaging service but without the cost of sending text messages between devices.

This time the cyber scammers are looking not to give you a non-existent copy of the messaging application for PC but a lovely banking Trojan instead.

Read the full article here over at The Hacker News

Java, turn me off !

Well at least disable for now.

A zero day vulnerability has raised its head above the security parapet for Java.

Millions of devices worldwide use Java (as we are reminded when installing or updating) something that Oracle should be very proud of – but currently something it should be very uncomfortable about !!

It could be a little while before the patch cycle catches up to fix this problem, so the advice is to disable Java until an official update is released to close this hole.

For more on this, head on over to the Register for more.

A video demonstrating an easy PoC (Proof of concept) is available via YouTube

LulzSec strikes again !

Sony was yet again targeted and left red faced when the group LulzSec managed to breech security and post their findings. It would seem even tho a similar breech was possible via an SQL injection, Sony had appeared to have failed to patch the amost very same hole !

Sony only recently managed to get the PlayStation Store back online due to a previous hack, lessons however were not learnt. A very public message was handed out to consumers to instil confidence back in the company, only then to be proven once again the flaws remained. LulzSec group members motivation was to highlight that Sony had once again failed to secure users data, which insanely was left in the clear.

Now it would appear that Nintendo has also been a subject of interest when a file which was gained by a recent attack on one of the companies servers was posted online.

Let’s just hope that companies take heed of the recent LulzSec intrusions and as a minimum encrypt our data to avoid it becoming public fodder for all to see !