This week’s security stories are a wake-up call to the fact that non-glamorous threats can end up posing a risk to your privacy and devices. From a malicious Firefox extension that’s packing malware to a massive extortion-related data heist affecting Pornhub members, these reports are so serious they wouldn’t make the headlines of a thriller movie about cybersecurity – but still worth knowing. Here’s a summary of the top security stories that aren’t sexy but definitely serious.
Firefox Extensions Discovered with Malware Hidden among Thousands

Victims Warned to Remove Malicious Plug-ins Instantly

Experts advise those who have downloaded and installed any kind of unknown Firefox add-on, such as free VPNs, ad blockers, and utilities, to remove them as quickly as possible. Malwares such as GhostPoster demonstrate that browser addons are yet another increasingly used “software supply chain” attack vector whereby perpetrators take advantage of people’s trust in tiny software utilities. The best way to be safe is simply to trust known makers and ask for minimal permissions.

Hackers Say They’ve Stolen Millions of Pornhub Users’ Data

Meanwhile, in another disturbing case, hackers called ShinyHunters have claimed to have hacked a premium analytics database belonging to over 200 million users of a pornography site named Pornhub. They have stolen users’ basic information, including their email addresses, video or URL links, keywords, and view/search history. They have now resorted to blackmail in a bid to extort money from the company in exchange for not making the data publicly available; they will accept money in the form of Bitcoin.

Controversy Concerning the Nature of the Compromised Data

Contrary to this, Pornhub claims that the essential network was never compromised and that no passwords or financial information was leaked. The network blames the breach on the analytics data set that was maintained by the third-party service provider. The third-party service provider has now contradicted the network and claims that the breach may well have occurred because the data was accessed earlier by a valid user account.

However, extortion that follows data breaches will by no means go away

The rise of ransom payments in the context of compromised user data, down to viewing history or behavior, can be seen as an aspect of a larger trend in cyber crime: the value of leverage, the value of reputation, and the motivation to use that data that can be leveraged, no matter how personal. The way businesses approach the metadata of browsing activity needs to be reassessed.

Lessons for the Rest of Us: Information Security for Internet Users

Regarding browser malware attacks, massive datal theft operations conducted with the aim of extortion, the following are some important takeaways with regards to this week’s news: Be wary of browser extensions, particularly those offering free or premium services. Ensure your software is kept up to date to avoid exposure to exploits. Handle all the individual viewing and usage information with care and do not assume that it is secure, simply because it is not financial information. Be aware of extortion attacks that follow compromises – attackers may use psychological tactics as well as technical skills. While all this may not be particularly exciting, one thing is certain, and that is that such developments demonstrate just how real threats can impact regular web surfers.

You may also like: Hackers Are Targeting Windows 10. Do This One Thing To Stay Safe

News Source: Pcmag.com