Screencastify Issue Could Allow Someone To Steal Recorded Videos

Are you one of the legions of users making use of the Screencastify Chrome extension?  It’s a fantastic Chrome extension that allows you to almost effortlessly create screencasts for a variety of purposes.

Unfortunately, the web extension also suffers from a critical security vulnerability that allows attackers to take control of a user’s webcam and steal recorded videos.

The cross-site scripting (XSS) vulnerability that made this possible was reported by independent security researcher Wladimir Palant on Valentine’s Day of this year (February 14, 2022).  The vendor that created the extension responded quickly and issued a fix just days after the issue was reported to them.

While we applaud the rapid response, the fix didn’t completely address the issue, and the attack may still be possible.  The threat from external attackers has been eliminated, but three months later the lingering issues that could allow an unscrupulous insider to make the same kind of attack remain unaddressed.

That’s problematic because Screencastify boasts more than ten million installations worldwide on the Chrome store. The total number of installations may be significantly higher, but the site’s counter only goes to ten million.

The extension’s popularity exploded during the pandemic because it represented such a quick and easy solution to a problem that only emerged when tens of millions of people around the world started working from home.

Mr. Palant sums up the core issue thusly:

“The problem was located in the error page displayed if you already submitted a video to a challenge and were trying to submit another one.  This error page is located under a fixed address, so it can be opened directly rather than triggering the error condition.”

In any case, if you use the extension just be aware of the risks associated with it.  There is no word from the vendor on if or when another fix might be coming.

Update Google Chrome Soon To Fix Multiple Security Issues

Are you a Google Chrome user?  If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux.

Of the 32 flaws addressed, eight are high-severity, nine are medium, seven are low-severity and one is critical.  The critical flaw, tracked as CVE-2022-1853, is a “use after free in IndexedDB,” the interface through which data is stored in a user’s browser.

Details about the bug and how hackers could exploit it are limited. According to Pieter Arntz, a security researcher at Malwarebytes, a hacker could exploit the flaw by creating a poisoned website that would take over the visitor’s browser by manipulating the IndexedDB.

None of the flaws addressed in Chrome 102 are “Zero Day” issues, meaning flaws that were exploited before Google released the patch to address the flaw.  Even so, many people are somewhat slow to update their browser, and if you are one of them, then you could be in for a world of headaches if a hacker sets their sights on your system.

You can get Chrome 102 for Windows, Mac, and Linux right now. In case you weren’t aware, normally Chrome is updated every four weeks but the extended release gains an additional four weeks by Google back-porting important security fixes to it.

Also be aware that an extended stable release is updated every eight weeks.  Grab yours today and kudos to Google for their tireless work!  Last year, Google’s Project Zero team counted a total of 58 Zero-Day exploits for popular software, with twenty-five of these impacting web browsers.

Popular Service Being Used To Send Phishing Emails

Google SMTP relay service is wildly popular and used every day by legions of users.  Unfortunately, hackers around the world are aware of this and increasingly they’ve begun abusing the SMTP relay service.

The basic idea is as follows. Some clever hackers have figured out that they can bypass email security products and deliver malicious emails to their intended targets if they take advantage of certain weaknesses in Google’s SMTP relay service.

Researchers at the security firm Avanan have been tracking the phenomenon and have confirmed a sudden, dramatic spike in threat actors abusing the SMTP relay service beginning in April of this year (2022).

The relay service is offered by Google as part of Gmail and Google Workspace as a means of routing outgoing user emails.

Use of the SMTP relay is mostly a matter of convenience, as it means that users don’t have to manage an external server for marketing emails, so there’s no worry that their mail server may get added to someone else’s blocked list.

It is very handy, but unfortunately hackers have discovered that they can use the SMTP relay service to spoof other Gmail tenants without being detected, with one very important caveat. If those domains have a DMARC policy configured with the ‘reject’ directive, the game is up, and the hacker’s attempt will fail.

Although this can be a serious problem, it also has a simple solution.  Just set a fairly strict DMARC policy and you’ll minimize the risk of your users falling victim to this type of attack.

As Google indicated in a recent blog post on this very topic:

“We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue.”

It’s good advice.  If you aren’t sure whether you’ve got a strict DMARC policy set, find out from your IT staff. If not, have them implement one right away.
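To make "strict DMARC policy" concrete, here is an added example (not from the original article or from Google) that grades the text of a DMARC TXT record, the record a domain publishes at _dmarc.<domain>. The function names, verdict labels, and sample records on placeholder domains are constructed for illustration.

```python
# Added example: grade DMARC TXT records (as published at _dmarc.<domain>).
RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(record):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(record):
    """Grade how well a DMARC record stops mail that spoofs the domain."""
    tags = parse_dmarc(record)
    if tags is None:
        return {"verdict": "unprotected", "findings": ["no valid DMARC record"]}
    policy = tags.get("p", "").lower()
    if policy not in RANK:
        return {"verdict": "unprotected", "findings": ["missing or invalid p= tag"]}
    sub = tags.get("sp", policy).lower()  # sp defaults to p when absent
    raw = tags.get("pct", "100")
    pct = int(raw) if raw.isdigit() and int(raw) <= 100 else 100  # bad pct: default
    findings = []
    if policy != "reject":
        findings.append(f"p={policy}: spoofed mail is not rejected")
    if RANK.get(sub, 0) < RANK[policy]:
        findings.append(f"sp={sub}: subdomains are weaker than the main domain")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    verdict = "strict" if not findings else "monitor-only" if policy == "none" else "partial"
    return {"verdict": verdict, "findings": findings}

# Constructed sample records on placeholder domains (not real DNS data).
SAMPLES = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "rollout.example": "v=DMARC1; p=reject; pct=25; sp=none",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "nodmarc.example": "v=spf1 include:_spf.mail.example ~all",
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        result = assess(txt)
        print(domain, result["verdict"], "; ".join(result["findings"]))
```

Only the first sample grades as "strict"; the others show how a record can exist and still leave the domain or its subdomains open to spoofing.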

Security Warnings Coming To Certain Google Apps To Help Users

Google has been making some fantastic changes to bolster user security in recent weeks. That includes changes to their Google Play Store that will require developers to disclose exactly what data they plan to track and collect when users install the apps they create.

In a related vein, the tech giant has also recently added some powerful new security features to Google Docs, Sheets, and Slides that now display warning banners any time users attempt to open a suspicious file on the web.

Too often, users will open a file without giving much thought to who put it before them or where it resides (whether a trusted network drive or somewhere on the cloud, for example).  Unfortunately, hackers are keenly aware of this and will often plant poisoned files that appear to be legitimate work files in places where users are likely to find them. Then, the hackers simply sit back and wait until they reel someone in.

These recent changes to Google Workspace apps are designed with one goal in mind: to help the people using those apps make better decisions about whether to open a file, even if it looks completely legitimate.

This new warning feature builds on a system the company began implementing for Google Drive files back in January of this year (2022) and uses the same warning banners you’ll find there.  A bright yellow, hard-to-miss banner appears at the top of the page after a user has clicked on a link, but before the file is downloaded.

These brightly colored banners display warning messages essentially asking the user if he or she is sure about downloading a file from an untrusted source that may contain malicious code.  Note that Enterprise users were a bit slower than everyone else to get the new functionality because of the way Google organized the rollout. By the time you read this, they should be visible for everyone.

Three Big Companies Working On Passwordless Login Options

Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.

Despite years of training, re-training, and near-constant reminders to strengthen passwords, users keep making the same mistakes.

They’ll re-use the same password across multiple properties. They may use an incredibly weak and easy to guess password that makes it easy for hackers to break in using simple brute force attacks against their accounts.

If passwords were to simply go away and be replaced by something better, legions of IT security folks would breathe a tremendous sigh of relief.

If Apple, Google, and Microsoft have anything to say about the matter, that is soon to be a reality.  All three companies are hard at work on a variety of passwordless schemes. If their plans remain on track, we’ll get to see the fruits of their labor sometime next year.

The three companies are currently working to implement passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, Safari, Windows, and Edge.  Taken together, those systems and software packages account for some 90 percent of network traffic today. It won’t be long now before the devices users employ will store a FIDO credential, dubbed a passkey, which is used to unlock your device and access all of your online accounts.

The passkey scheme is substantially more secure than a simple password because it’s protected with powerful cryptography and only shown to your online account when you unlock your device.  Contrast that with passwords, which leave users vulnerable to all manner of phishing schemes and are subject to being weakened by bad habits developed by the users themselves.

All of that is good news but it should be noted that we haven’t seen it in action yet. Even after the Big Three finish their work, there’s still the considerable task of implementing the use of the new passkeys into websites and other applications. It will be a while yet, but the good news is change is coming.