WHAT IS EMAIL BOMBARDMENT?

-
Image
An email bombing is an attack on your inbox that involves sending massive amounts of messages to it. Sometimes these messages are incomprehensible. But more often, they will be confirmation emails for newsletters and subscriptions. Thus, in the latter case, the attacker uses a script to search for forums and newsletters on the internet. Then they sign up for an account with your email address. Each will send you a confirmation email, asking you to confirm your address. Also, this process is repeated on as many unprotected sites as the script can find. The term Email Bombing or Email Bombing; it can also refer to flooding an email server with too many emails. In an attempt to overwhelm the server and disable it. But that's not the goal here; it would be a challenge to cut down on the modern email accounts used. Meanwhile, Google or Microsoft email servers, anyway. So instead of a denial of service (DOS) attack; against the email servers you are using. Also, the flood of messages...
2 comments

BE SAFE FROM BROWSERS EXTENSION

-

More and more tasks are done directly from the web, from the browser and without having to install any app. The extensions improve the functions of the browser and provide tools that are sometimes really interesting. This, however, not only brings convenience benefits to the user, but often also to third parties when it comes to obtaining information without the user's permission. And for this, browser extensions are a perfect gateway.

Browsers extension


According to ZDNet, in recent days Google has removed a total of 49 extensions from Chrome. All of them were posing as legitimate cryptocurrency wallets when they were actually inserting malware into the browser or directly stealing passwords and other access data to users' cryptocurrencies. The security expert who found them explains that they all used a similar system, so probably the same person or group is behind all of them.

The extensions imitated other genuine ones in appearance, only that when entering the data they went directly to a private server or a Google Docs form. According to a controlled test that was done, cryptocurrencies were not stolen directly. This suggests that either the attacker was not interested in small sums of money or did not have an automatic way to get the money out of their victims' wallets.

Deal with fraudulent extensions

Google, Mozilla, Apple, and other companies are continually seeking to improve total security on their browser extension platforms. This, however, is not something simple and on more than one occasion the extension stores have been filled with malware. There is more lack of control in who publishes them and above all it is much faster and easier for the user to install than an app, so it is easier than it seems to fall into a fraudulent one.

What can be done to avoid it? Take precautions and be very clear about what is being installed and what permissions are granted to each extension. The fewer extensions installed in the browser, the better and as long as they are from known and verified developers in the extensions store. On the other hand, when installing them, you have to verify what permissions are really given and be suspicious of those that request access to functions that they do not really need for their task. It would be surprising to see the number of extensions that request access to the reading of the text entered in any text field of the browser (that is, to be able to read practically any email or password that is inserted in a form).

The security risk of browser extensions

Beyond the great utility that extensions can have for the browser, we must also take into account the risk that using extensions that are insecure must be taken into account. Sometimes we can compromise our privacy if we use these types of tools without taking into account certain important tips.

We are going to explain why extensions can be a security problem. In each case we will give a series of tips to avoid being victims of security problems related to browser add-ons.

Extension permissions

When we install an extension it can ask us for a series of permissions. Sometimes they will be necessary for their operation, while in other cases it may be a problem for our privacy and that their real objective is to collect all kinds of user data.

That is why it is very important to check the permissions of the extensions that we install in the browser. For example if they ask us for access to the camera, the history or any other application. Maybe what they really want is to collect user data to later sell it to third parties. We already know that our information on the Internet has great value today and many services seek to obtain personal data of all kinds.

Malicious software

Of course one of the main problems is directly installing malicious software. This happens more often than we think. It can mainly happen if we install software from third party sites. In these cases we run the risk of installing malicious software or that has been modified to steal our data.

Our advice is to always install from official sources and make sure everything is in order. We must avoid adding software from links that we find on third-party sites, for example. This must also be applied to applications, as well as to the browser itself.

Outdated extensions

Sometimes security flaws can arise that are corrected through updates and patches. It is the manufacturers and developers themselves who release updates to correct it. We must always have the extensions correctly updated and in this way make sure that a possible hacker is not going to take advantage of these flaws to carry out their attacks.

Changes in operation

In addition to worrying about the installation process, we must also take into account that many extensions undergo changes over time. This means that their functionality can change and not always for the better.

Sometimes they incorporate changes that can be negative for our privacy and security. Therefore, it is advisable to be aware of these possible changes that may pose a problem for our privacy.

Vulnerabilities

One final risk is vulnerabilities. Sometimes by the browser and sometimes by the extensions themselves. These vulnerabilities may allow the injection of malicious code by cybercriminals. They could attack our security and also put the proper functioning of the devices at risk.

 

In short, extensions for the browser are very interesting tools and provide different functions. However, we must bear in mind that they can also pose a problem for our security and privacy. Therefore, we need to take into account everything that we have discussed in this article. The goal is that our privacy and security are always present and for keeping our data private we should use a software that gives us total security from all the extensions that we use.

Comments

Post a Comment

Popular posts from this blog

WHAT IS EMAIL BOMBARDMENT?

-
Image
An email bombing is an attack on your inbox that involves sending massive amounts of messages to it. Sometimes these messages are incomprehensible. But more often, they will be confirmation emails for newsletters and subscriptions. Thus, in the latter case, the attacker uses a script to search for forums and newsletters on the internet. Then they sign up for an account with your email address. Each will send you a confirmation email, asking you to confirm your address. Also, this process is repeated on as many unprotected sites as the script can find. The term Email Bombing or Email Bombing; it can also refer to flooding an email server with too many emails. In an attempt to overwhelm the server and disable it. But that's not the goal here; it would be a challenge to cut down on the modern email accounts used. Meanwhile, Google or Microsoft email servers, anyway. So instead of a denial of service (DOS) attack; against the email servers you are using. Also, the flood of messages...
Read more

TESTING THE ANTIVIRUS THAT YOU USE

-
Image
Have you ever wondered how antivirus is tested before it is available on the market? The truth is that, despite what you may think at first, these applications pass a series of tests that have the mission, obviously, of verifying their effectiveness. Well, for most IT security vendors these assessments are now out of date. Testing an antivirus before its launch is something that is done regularly. Thus, the AV Tests (name by which the aforementioned tests are known) allow users to choose which antivirus they want to install on their computers, knowing what their main characteristics are and what they protect against. So far everything normal. So what is the problem? Some manufacturers of security solutions have raised their voices against the fact that these tests are “not modernized”. In what sense? Some companies claim that, although the complexity of security applications has grown considerably in recent times, when conducting evaluations they do not test the new technologies w...
Read more

WHAT IS PAZERA TROJAN AND HOW TO AVOID IT

-
Image
Pazera Trojan is a recently discovered computer malware that spreads in active attack campaigns. The current wave of infections is due to a complex Android mobile threat, including this Windows-based malware. The mechanisms of infection depend on the manipulation of the victim. Once installed on a given computer, the built-in engine will lead to many dangerous actions. Read our in-depth analysis of the samples and learn how to eliminate active infections in this article. Pazera Trojan - Virus Infection Methods The Pazera Trojan is a dangerous threat that is sent as part of a targeted campaign with the main malware being the Trojan. Originally, this has been used in an attack carried out by an Android Trojan, seeking to infect mobile users. Through the elaborate and complex chain of infections, the Pazera Trojan will install itself. Some of the observations made by security experts who analyze this malware are that the main Trojan infection that has been created by an unknown hackin...
Read more