Detected an extension in Chrome Web Store, active from February, that steals credit cards

Tuesday, January 15, 2019

We have detected an extension for Google Chrome, still active, that steals data from web site forms visited by the victims. This extension, which is still available on Chrome Web Store –the extension market for Chrome– has been active from February 2018. It is hidden within the searches performed on the Web Store, and it can only be accessed through a link that the attackers are spreading by means of JavaScript injection attacks on web sites that make them to be redirected to that extension using that link.

Chrome web store Javascript cybersecurity image

2019 won’t be the year when quantum computers replace the cryptography that we all use

Wednesday, January 9, 2019

 2019 won’t be the year when quantum computers replace the cryptography that we all use image

What would happen if a fully error corrected quantum computer of several thousands of logical qubits started working today? Public key infrastructures would fall down. The secrets of the world would be discovered. There would be chaos. How far or close that day is? How would it affect our cryptography? What to do to protect our sensitive information ahead of the forthcoming arrival of quantum computers?

Open source maintainer burnout as an attack surface

Wednesday, December 26, 2018

Software development has evolved greatly in the last decades. It is leaning towards an scenario based in third-party modules, components and libraries that help accelerate the development of our own software solving effectively frequently used tasks so that we do not need to reinvent the wheel.

While It is straightforward to see the advantages of this approach we need to realise that coupled with them comes a series of risks that need to be handled as well. To use a better known pattern that comes from the cloud computing world there’s a shared responsibility model regarding vulnerabilities and potential attacks as we can see in its different flavours: IaaS, PaaS or SaaS.

Foca Files Finder, our new Chrome extension to feed FOCA

Tuesday, December 25, 2018

Our Chrome extension is really simple. It takes advantage of the Bing technology (already used by FOCA) to perform a search of documents on the domain being visited at the moment with Chrome. This list (limited to 50) is quickly accessible from your browser. You can export it to a TXT file which can, in turn, be used by the FOCA.

Among the available options, you can choose what kind of documents you wish to search. Moreover, you can perform an automatic research, so you will not need to press the extension button. By doing so, every time you visit a domain, on the FOCA icon it will appear an indicator with the potential number of documents found.

New report: Twitter botnets detection in sports event

Thursday, December 20, 2018

New report: Twitter botnets detection in sports event imagen

We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using C&C software.