Attackers (ab)using Google Chrome. [Research Saturday]

FromCyberWire Daily

Start listening View podcast show

Attackers (ab)using Google Chrome. [Research Saturday]

FromCyberWire Daily

ratings:

Length:

20 minutes

Released:

Feb 20, 2021

Format:

Podcast episode

Description

Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)using in Google Chrome. The basis for this attack were malicious extensions that the attacker dropped on the compromised system.
The research can be found here:
Abusing Google Chrome extension syncing for data exfiltration and C&C

Released:

Feb 20, 2021

Format:

Podcast episode

More Episodes from CyberWire Daily

Skip carousel

Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes] by CyberWire Daily
7 min listen
Exploring the mechanics of Infostealer malware. [Research Saturday] by CyberWire Daily
29 min listen
A hacking keeps you humble. by CyberWire Daily
39 min listen
Whistleblower warns of profit over protection. by CyberWire Daily
34 min listen
COATHANGER isn’t hanging up just quite yet. by CyberWire Daily
31 min listen
Hijacking your heritage. by CyberWire Daily
34 min listen
Rethinking recalls. by CyberWire Daily
37 min listen
Encore: Geoff White: Suddenly all of the pieces start to line up. [Journalism] [Career Notes] by CyberWire Daily
8 min listen
Riding the hype for new Arc browser. [Rsearch Saturday] by CyberWire Daily
28 min listen
A snapshot of security woes. by CyberWire Daily
32 min listen
CISA's calls for a JCDC makeover. by CyberWire Daily
30 min listen
Opening up on hidden secrets. by CyberWire Daily
32 min listen
Ransomware hit causes pathology paralysis. by CyberWire Daily
34 min listen
Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition] by CyberWire Daily
26 min listen
SolarWinds and the SEC. by CyberWire Daily
21 min listen
Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake. by CyberWire Daily
29 min listen
Solution Spotlight on the 2024 NICE Conference: Business Roundtable. by CyberWire Daily
31 min listen
Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes] by CyberWire Daily
8 min listen
1700 IPs and counting. [Research Saturday] by CyberWire Daily
18 min listen
New cybersecurity bill aims to untangle federal regulations. by CyberWire Daily
36 min listen
Operation Endgame: Hackers' hideouts exposed. by CyberWire Daily
39 min listen
Alleged leaked files expose a dirty secret. by CyberWire Daily
43 min listen
FBI untangles the web that is Scattered Spider. by CyberWire Daily
39 min listen
Memorial Day special. by CyberWire Daily
20 min listen
Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes] by CyberWire Daily
8 min listen
International effort dismantles LockBit. [Research Saturday] by CyberWire Daily
31 min listen
Cybercriminals target London drugs. by CyberWire Daily
30 min listen
Checkmate at check in. by CyberWire Daily
40 min listen
Privacy nightmare or useful tool? by CyberWire Daily
32 min listen
The secrets of a dark web drug lord. by CyberWire Daily
40 min listen

Related podcast episodes

Skip carousel

The double-edged sword of cyber espionage. [Research Saturday] by CyberWire Daily
20 min listen
Riding the hype for new Arc browser. [Rsearch Saturday] by CyberWire Daily
28 min listen
Using bidirectionality override characters to obscure code. [Research Saturday] by CyberWire Daily
25 min listen
Automated Binary Analysis: Modellansatz 137 by Modellansatz
53 min listen
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804: For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar... by Security Weekly Podcast Network (Audio)
178 min listen
December 10, 2020: The Cybersecurity community responds to FireEye hack Christopher Krebs sues over threats of violence Google makes changes to how Chrome extensions handle data Thanks to our sponsor, Code42. Code42, insider risk detection and response leader, is... by Cyber Security Headlines
6 min listen
January 20, 2022: CISA warns of data-wiping attacks EU working on its own DNS service Biden expands the NSA’s cybersecurity purview Thanks to our episode sponsor, Datadog In 's upcoming webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security... by Cyber Security Headlines
7 min listen
Sourcetrail with Eberhard Gräther: Rob and Jason are joined by Eberhard Gräther to discuss his work on Sourcetrail, a cross-platform source explorer for C++ code. Eberhard Gräther is software developer, user experience designer and founder at Coati Software. He started programming... by CppCast
53 min listen
January 17, 2022: Microsoft discloses malware attack on Ukraine government networks New unpatched Apple Safari browser bug allows cross-site user tracking Now you can get your vulnerability alerts by phone Thanks to our episode sponsor, Datadog Join in their upcoming... by Cyber Security Headlines
8 min listen
January 7, 2022: Honda, Acura cars hit by Y2K22 bug that rolls back clocks New trick could let malware fake iPhone shutdown to spy on users secretly Attackers exploit flaw in Google Docs’ comments feature Thanks to our episode sponsor, deepwatch Increasing... by Cyber Security Headlines
8 min listen
Can ransomware turn machines against us? [Research Saturday] by CyberWire Daily
19 min listen
2021-008-Jasmine jackson - TheFluffy007, Bio and background, Android App analysis - part 1: @thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade year - almost kicked out of high school... by BrakeSec Education Podcast
53 min listen
January 18, 2022: Ukraine points fingers in recent cyber attacks Another dark web marketplace calls it quits Renewable energy targeted for cyber espionage Thanks to our episode sponsor, Datadog In 's upcoming webinar, you’ll learn how to best utilize the suite of ... by Cyber Security Headlines
6 min listen
BeyondCorp with Robert Sadowski: On this episode of the podcast, our old pal Mark Mirchandani is joined by special guest host Max Saltonstall to talk trust and security products with fellow Googler Rob Sadowski. by Google Cloud Platform Podcast
46 min listen
The supply chain in disarray. [Research Saturday] by CyberWire Daily
20 min listen
Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330: Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to... by Security Weekly Podcast Network (Audio)
154 min listen
2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2: @thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade year - almost kicked out of high school... by BrakeSec Education Podcast
50 min listen
S12:E3 - How to hack legally and penetrate the security field (Karen Miller): If you try, even you can hack it...just do it legally. by CodeNewbie
42 min listen
Targeting your browser bookmarks? [Research Saturday] by CyberWire Daily
18 min listen
2022 Human Factor Report: Reviewing a Year of Headline-Making Threats by Protecting People
39 min listen
New exploits are tricking Chrome. [Research Saturday] by CyberWire Daily
16 min listen
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code — the most popular code editor out there — which was presented at DEF CON 31 in August. The pair uncovered a few ways for... by Security Weekly Podcast Network (Video)
51 min listen
Episode 31: Strategic Decision Making & More (Part 3) by Algorithms + Data Structures = Programs
28 min listen
November 24, 2021: Over nine million Android devices infected Researcher discloses zero-day exploit due to low bounty payouts Threat actors compromise exposed services in 24 hours Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving... by Cyber Security Headlines
8 min listen
Cerber ransomware strikes Linux. [Research Saturday] by CyberWire Daily
16 min listen
When good-faith hacking gets people arrested, with Harley Geiger by Lock and Code
40 min listen
Joker malware family: not a joke for Google Play. [Research Saturday] by CyberWire Daily
18 min listen
99: Pop-Up Headlights: Adventures in Go, Apple's software-quality issues, Marco's blogging issues, and the rumored 12-inch MacBook Air. by Accidental Tech Podcast
120 min listen
Responsible Exploit Disclosure: A New Perspective with MacKenzie Brown from Blackpoint Cyber by Business of Tech
21 min listen
A Survey Assessing Github Copilot: In this episode, we are joined by Jenny Liang, a PhD student at Carnegie Mellon University, where she studies the usability of code generation tools. She discusses her recent survey on the usability of AI programming assistants. Jenny discussed the... by Data Skeptic
26 min listen

Discover this podcast and so much more

Attackers (ab)using Google Chrome. [Research Saturday]

Attackers (ab)using Google Chrome. [Research Saturday]

Description

More Episodes from CyberWire Daily

Related podcast episodes