A new security breach has affected over 2.6 million Chrome users through popular browser extensions. Attackers tricked extension developers with a fake email, convincing them to grant special permissions to a malicious app. Once approved, the attackers added harmful code to trusted extensions, allowing them to steal personal data like login details and browsing information.

The first sign of the attack came from cybersecurity firm Cyberhaven, whose employee was targeted on December 24, 2024. This led to the spread of the malicious code in several widely used extensions, including tools for AI chat and VPN services.

Experts warn that extensions—small tools that enhance your browser experience—can access sensitive data, making them vulnerable targets for hackers. While some affected extensions have been removed from the Chrome Web Store, users are still at risk if they haven’t updated or removed these extensions from their browsers.

It's a...

Start 2025 with stronger digital security by updating your passwords to be long and unique, enabling multi-factor authentication (MFA) on key accounts, and reviewing your privacy settings. Regularly check for software updates, remove unused apps, and delete old or outdated accounts and information you no longer need. Make this year the one you prioritize your online safety!

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Belgian and Dutch authorities have arrested eight suspects linked to a "phone phishing" gang that targeted victims across at least ten European countries. The operation, coordinated by Europol and Eurojust on December 6, 2024, involved 17 searches in Belgium and the Netherlands, resulting in the seizure of cash, firearms, luxury watches, jewelry, and electronic devices. The suspects, aged 23 to 66 and based mainly in Rotterdam and Almere, impersonated police officers or bank staff to deceive primarily elderly victims into revealing their financial information.

The gang employed various tactics, including phishing messages via email, SMS, and WhatsApp, and approached victims directly under false pretenses. They drained accounts and spent millions on luxury items and vacations. Jan van der Linden of the Rotterdam police noted that while victims suffered significant losses, the suspects flaunted their extravagant lifestyles.

In light of this operation, authorities have...

When linking apps to your Google, Apple, or Facebook accounts, only grant necessary permissions and avoid over-sharing personal data, as it increases your risk of breaches. Regularly review and revoke access to unused apps and connect only with reputable ones to enhance your security. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Malicious software can spread through unexpected messages—no action required! Be cautious, even with messages from friends or family. Don’t click links or download files unless you’re sure they’re safe.

Quick Tips:

• Be wary of unexpected messages.
• Verify links before clicking.
• Use strong email filters.
• Keep software updated.

Stay smart and secure!

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

It's important to adopt a "zero-trust" mindset, treating every device and user as a potential threat, verifying access before sharing sensitive information. This means verifying everyone and everything before granting access to sensitive information, whether it's through secure logins or trusted communication tools. This approach helps minimize risks and ensures your data remains safe from unauthorized access.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Keep Bluetooth disabled when not in use and avoid accepting connections from unknown devices. Unauthorized Bluetooth connections can expose your device to security risks, including potential attacks. Always pair only with trusted devices and be cautious when sharing your Bluetooth signal. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Always verify that software updates come from trusted sources. While keeping your software up to date is crucial for security, downloading updates from unverified sources can expose your system to malicious software disguised as legitimate updates. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

As we prepare for the Roar Event, please stay vigilant about your belongings. keep wallets, ID cards, and devices in a front pocket or secure bag. Be cautious when using public Wi-Fi at the event, use your own mobile data if possible and refrain from discussing work matters in public. By staying mindful of these precautions, we can enjoy the event and avoid potential problems.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Cybersecurity researchers have warned about a new phishing attack that uses corrupted Microsoft Office files and ZIP archives to bypass email security. According to ANY.RUN, this attack evades antivirus software, prevents files from being analyzed in secure environments (like sandboxes), and gets past Outlook's spam filters, allowing harmful emails to reach your inbox. The attack involves sending emails with intentionally damaged attachments, such as ZIP files or Office documents, which are designed to avoid detection by security tools and trick users into opening them with fake promises of employee benefits or bonuses.

Source: https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html