Security researchers have unearthed a Google Chrome extension that has potentially leaked the personal information of more than a million users back to a single IP address in the US.
Called Webpage Screenshot, the extension allows users to take a screen capture and store it. The extension has been downloaded 1.2 million times but hides the ability to copy data from a user.
Martin Zetterlund, founding partner at IT security firm ScrapeSentry, said that the firm had “identified an unusual pattern of traffic to one of our client's sites which alerted our investigators that something was very wrong.”
Penned back at the tail end of 2013, this old favourite continues to be read for its predictions on the IT security industry in 2014. And while SC may have got it right on the insider threat, nation-state attacks and DDoS attacks, perhaps our predictions on Internet of Things attacks and regional clouds were less on point.
Facebook privacy is once again in question with researchers finding that the social networking giant tracks all visitors, including those who do not have a user account.
In a report commissioned by the Belgian data protection agency and first seen by The Guardian, researchers revealed that Facebook tracks the web browsing of everyone who visits on a page on the facebook.com domain, irrespective if they are a user or not, or even if they have explicitly opted out of tracking in the EU via the European Digital Advertising Alliance website.
“In 2015 we fully expect a business to fail due to the financial consequences of a cyber-attack,” says Joe Hancock, cyber-security specialist at Lloyd's insurer AEGIS London in a statement received by SCMagazineUK.com.
Hancock adds: “These attacks are now increasingly destructive as we have seen with the recent attack on Sony Entertainment and statistics from the Organisation of American States (OAS). This trend is going to continue, with affected businesses squeezed between a shrinking top-line due to reputational harm and rising costs to get back on their feet.”
The company warns that the costs of cyber-attacks are increasing as the volume of data stolen rises and the attacks themselves become more destructive, with greater numbers of destructive attacks predicted for 2015 and beyond. Direct costs of an attack and claims of negligence such are likely to increase the cost of doing business and detrimentally affect future earnings suggests AEGIS.
While the statement issued does not call on the industry to get insured for cyber-risk, that appears to be the clear implication given the source of the report.
Worldwide law enforcement continues to voice concerns over technology companies' increasing use of encryption.
The FBI, Europol and Britain's MI6 separately expressed misgivings about technology companies this week, with encryption especially sweating under the microscope.
Coming just weeks after Prime Minister David Cameron's inferred comments that encryption should be banned, Europol's Rob Wainwright, Mi6's Alex Younger and FBI's James Comey reopened fresh wounds, suggesting that encryption is being used by criminals to hide their activities.
Speaking on the BBC's 5 Live Investigates programme earlier this week, Wainwright was vocal in how encryption can hinder criminal investigations.
“There is a significant capability gap that has to change if we're serious about ensuring the internet isn't abused and effectively enhancing the terrorist threat,” said Wainwright, the Europol director.
On encryption, he added: “It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he said. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore."