Latest news with #Symantec


Forbes
09-07-2025
- Forbes
Delete Every Chrome And Edge Extension That's On This List
Is this threat hiding on your PC? Google Chrome and Microsoft Edge are under attack. The latest zero-day vulnerability was discovered by Google's own Threat Analysis Group and triggered a quiet configuration change for 'all users' and an emergency update. CVE-2025-6554, a type confusion bug in Chrome's V8 JavaScript engine, also prompted America's cyber defense agency, CISA, to warn that this 'type confusion vulnerability could allow a remote attacker to perform arbitrary read/write via a crafted HTML page,' mandating that federal government staff update by July 23.

But there's another threat to Chrome and Edge that's hidden from view. In recent weeks, both LayerX and Symantec have warned of the very real dangers in the extensions installed by hundreds of millions of users from official stores. Now we have more of the same. Koi Security has just warned users to delete a list of 18 extensions if they're installed on their devices: extensions that present a real and present threat to those users and which have been installed millions of times.

'If you think a Chrome extension with Google's verified badge, 100,000+ installs, 800+ reviews, and featured placement on the store is trustworthy? Think again,' the team says. Once again, these dangerous add-ons 'perfectly demonstrate how sophisticated threat actors are exploiting the trust signals we rely on.'

The extensions, Koi says, 'masquerade as popular productivity and entertainment tools across diverse categories: emoji keyboards, weather forecasts, video speed controllers, VPN proxies for Discord and TikTok, dark themes, volume boosters, and YouTube unblockers.' That is exactly the kind of trivial functionality that is catnip to users. The team says each extension 'provides legitimate functionality while secretly implementing the same browser surveillance and hijacking capabilities we discovered in the color picker.' It's this shared ecosystem and code base that has enabled other security teams to unpick networks of dangerous extensions in the past.

And again, some of these extensions 'have achieved verified status or featured placement across both the Chrome Web Store and Microsoft Edge Add-ons store, demonstrating that security failures extend across both major browser marketplaces.' The software is controlled through external command-and-control servers, each with a unique subdomain. But while this gives 'the appearance of separate operators,' they are 'actually part of the same centralized attack infrastructure.' Koi's team says 'immediate action is required' by affected users. The list of identified extensions is as follows:

Google Chrome:

Microsoft Edge:

Some of these extensions have been removed from the stores, but at the time of publishing Koi reported that many were still available. Check your own extensions against the list.
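Checking "your own extensions against the list" by hand is error-prone, and Koi's point is that store badges and install counts tell you nothing. The script below is an added example (not code from Koi Security, Symantec or Forbes) that inventories the extensions in a Chrome or Edge profile from their manifest.json files, matches each 32-character extension ID against a blocklist you supply, and flags the permission shape the reported extensions needed: access to every site combined with tabs/webRequest-style APIs or a content script injected everywhere. The profile paths are assumed standard install locations, and the IDs written by build_sample_profile are placeholders, not the IDs in Koi's report.

```python
"""Inventory extensions in a Chromium profile and flag the ones to remove.

Added example, not Koi's or Symantec's tooling. Reads Extensions/<id>/<version>/
manifest.json, checks the ID against a blocklist, and flags surveillance-grade
permission sets. Sample IDs and manifests are constructed placeholders.
"""
import json
import sys
import tempfile
from pathlib import Path

# Assumed standard profile locations; adjust for profiles other than "Default".
PROFILE_DIRS = {
    "chrome-windows": "~/AppData/Local/Google/Chrome/User Data/Default/Extensions",
    "chrome-macos": "~/Library/Application Support/Google/Chrome/Default/Extensions",
    "chrome-linux": "~/.config/google-chrome/Default/Extensions",
    "edge-windows": "~/AppData/Local/Microsoft/Edge/User Data/Default/Extensions",
}

# Permissions that, combined with access to every site, allow browsing
# surveillance or navigation hijacking.
SENSITIVE = {"tabs", "webNavigation", "webRequest", "webRequestBlocking",
             "scripting", "cookies", "history", "declarativeNetRequest"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Host match patterns from MV2 'permissions', MV3 'host_permissions'
    and every content script's 'matches' list."""
    pats = {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    pats.update(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        pats.update(script.get("matches", []))
    return pats


def assess(ext_id, manifest, blocklist):
    """Return the reasons, if any, this extension should be removed."""
    broad = bool(host_patterns(manifest) & BROAD_HOSTS)
    sensitive = sorted(set(manifest.get("permissions", [])) & SENSITIVE)
    reasons = []
    if ext_id in blocklist:
        reasons.append("listed in blocklist")
    if broad and sensitive:
        reasons.append("all-site access plus " + ", ".join(sensitive))
    if broad and manifest.get("content_scripts"):
        reasons.append("content script injected into every page")
    return {"id": ext_id, "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"), "reasons": reasons}


def audit(extensions_root, blocklist):
    """One assessment per installed extension; the highest version dir is read."""
    results = []
    for ext_dir in sorted(p for p in Path(extensions_root).iterdir() if p.is_dir()):
        manifests = sorted(ext_dir.glob("*/manifest.json"))
        if not manifests:
            continue
        manifest = json.loads(manifests[-1].read_text(encoding="utf-8"))
        results.append(assess(ext_dir.name, manifest, blocklist))
    return results


def build_sample_profile(root):
    """Write two constructed manifests under placeholder IDs (not real
    extensions): a harmless theme and a 'video speed controller' with
    surveillance-grade permissions. Returns the risky ID."""
    theme_id, risky_id = "a" * 32, "b" * 32
    samples = {
        theme_id: {"manifest_version": 3, "name": "Dark Theme", "version": "1.0",
                   "permissions": ["storage"]},
        risky_id: {"manifest_version": 3, "name": "Video Speed Controller",
                   "version": "2.3.1", "permissions": ["tabs", "webRequest", "storage"],
                   "host_permissions": ["<all_urls>"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / ext_id / (manifest["version"] + "_0")  # Chrome's "<ver>_0" layout
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return risky_id


def demo_results():
    """Audit the constructed sample profile; maps extension ID -> reasons."""
    root = Path(tempfile.mkdtemp())
    risky = build_sample_profile(root)
    return {r["id"]: r["reasons"] for r in audit(root, {risky})}


def main(argv):
    if len(argv) > 1:  # usage: audit.py <Extensions dir> [blocklist.txt with one ID per line]
        root = Path(argv[1]).expanduser()
        blocklist = set(Path(argv[2]).read_text().split()) if len(argv) > 2 else set()
        rows = audit(root, blocklist)
    else:  # no profile given: run on the constructed sample
        rows = [{"id": k, "name": "", "version": "", "reasons": v} for k, v in demo_results().items()]
    for r in rows:
        print(f"{'REMOVE' if r['reasons'] else 'ok':6} {r['id']} {r['name']} {'; '.join(r['reasons'])}")


if __name__ == "__main__":
    main(sys.argv)
```

The permission heuristic is deliberately coarse: a legitimate ad blocker also needs all-site access plus webRequest, so treat a flag as a prompt to check the developer and source, not as proof of malice. The blocklist match, by contrast, is exact, and an extension that hits it should be removed regardless of what the store page says about it.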

Mint
18-06-2025
- Business
- Mint
Mint Primer: AI's twin impact: Better security, worse dangers
AI and generative AI are proving to be double-edged swords, boosting cyber defences while also enabling threats like deepfakes, voice cloning and even attacks by autonomous AI agents. With over two-thirds of Indian firms hit by such threats last year, how do we keep up?

What sets AI-powered cyberthreats apart?
AI-powered cyberthreats supercharge traditional attacks, making phishing, malware and impersonation faster, stealthier and more convincing. GenAI tools create deepfakes and polymorphic malware that mutates constantly, and generate personalised phishing emails. AI bots test stolen credentials, bypass the puzzle-based CAPTCHAs meant to detect bots, and scan networks for vulnerabilities. Tools like ChatGPT are used to send 100,000 spam emails for just $1,250. Symantec researchers have shown how AI agents like OpenAI's Operator can run a phishing attack via email with little human intervention.

How big is this threat for India?
Nearly 72% of Indian firms faced AI-driven cyberattacks in the past year, reveals an IDC-Fortinet report. Key threats include insider risks, zero-day exploits (attacks launched before developers can fix the software bug, leaving zero defence on day one), phishing, ransomware and supply chain attacks. These threats are rising fast: 70% of firms saw cases double, and 12% saw a threefold surge. These attacks are harder to detect. The fallout is costly: 56% suffered financial losses and 20% lost over $500,000, the report noted. Data theft (60%), trust erosion (50%), regulatory fines (46%) and operational disruptions (42%) are the other top business impacts.

The threats are evolving. Are we?
Only 14% of firms feel equipped to handle AI-driven threats, while 21% can't track them at all, notes IDC. Skills and tool gaps persist, mainly in detecting adaptive threats and in using GenAI in red teaming (when ethical hackers mimic real attackers to test a firm's cyber defences). Other gaps include lean security teams and few chief information security officers.

What about laws on AI-led cybercrime?
Most countries are addressing AI-related cybercrime using existing laws and evolving AI frameworks. In India, efforts rely on the IT Act, the Indian Computer Emergency Response Team, cyber forensics labs, global ties, and the Indian Cybercrime Coordination Centre under the Union home ministry, which oversees a cybercrime portal logging 6,000 cases daily. The draft Digital India Act may tackle AI misuse. While several states are forming AI task forces, a national AI cybersecurity framework may also be needed.

How to build cyber defence for AI threats?
Evolving AI threats call for AI-savvy governance, regular training and simulations. Firms must adopt an 'AI vs AI' defence, train staff on phishing and deepfakes, enforce Zero Trust (every access request must be verified) and multi-factor authentication, and conduct GenAI red-team drills. Airtel, for instance, now uses AI to block spam and scam links in real time; Darktrace uses self-learning AI to detect threats without prior data. Cyber insurance must also cover reputational and regulatory risks.


Forbes
13-06-2025
- Forbes
Google Chrome Warning Issued For Most Windows PC Users
Beware this hidden Chrome threat. This is another interesting month for Google's 3 billion Chrome users, with a U.S. government mandate to update all browsers by June 26 and another update warning this week as further vulnerabilities are discovered. But there's a very different Chrome threat to your PC, and it's much more difficult to find and fix.

Already this month we have been warned by LayerX that 'a network of malicious sleeper agent extensions' are 'waiting for their "marching order" to execute malicious code on unsuspecting users' computers.' A huge number of Chrome users have at least one extension installed, and extensions are one of the browser's biggest security risks.

Now Symantec warns that some of the most popular extensions it has analyzed 'expose information such as browsing domains, machine IDs, OS details, usage analytics, and more.' The research team says 'many users assume that popular Chrome extensions adhere to strong security practices,' but that's just not the case. Symantec found that even some big-brand extensions 'unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information.' More alarmingly, 'because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping.'

Bugcrowd's Trey Ford told me 'this is a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet. Ultimately this can manifest as a form of malware, and unavoidably create new attack surface for miscreants to attack and compromise a very secure browsing experience.' There's no easy answer to this one.

Symantec says that while 'none of [the extensions] appear to leak direct passwords,' the data can still fuel attacks. 'The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks.' Symantec notified the developers behind the tested extensions (details are in its report). 'The overarching lesson,' the team says, 'is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share.'

According to Keeper Security's Patrick Tiquet, 'this highlights a critical gap in extension security' that opens up when 'developers cut corners.' He warns that 'transmitting data over unencrypted HTTP and hard-coding secrets exposes users to profiling, phishing and adversary-in-the-middle attacks – especially on unsecured networks.' The risk is especially acute for enterprises. 'Organizations should take immediate action by enforcing strict controls around browser extension usage, managing secrets securely and monitoring for suspicious behavior across endpoints. Just because a browser extension is very popular and has a large user base doesn't mean it's secure. Businesses must scrutinize all browser extensions to protect sensitive data and identities.'
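Symantec's advice to scrutinize extensions 'for the protocols they use and the data they share', and Tiquet's warning about hard-coded secrets, both come down to a static check you can run on an unpacked extension before trusting it. The script below is an added example, not Symantec's tooling or any real extension's code: it walks an extension directory (a profile's Extensions/<id>/<version> folder, or a ZIP you have unpacked), reports every http:// endpoint that is neither loopback nor an XML namespace, and reports strings shaped like API keys. The sample background.js it writes, the hostnames in it and the AIza... key are all constructed for the demo.

```python
"""Static scan of an unpacked browser extension for cleartext HTTP endpoints
and hard-coded secrets. Added example, not Symantec's tooling; the sample
extension and key written by build_sample_extension are constructed/fake.
"""
import re
import sys
import tempfile
from pathlib import Path

LOOPBACK = {"localhost", "127.0.0.1", "0.0.0.0", "[::1]"}
# http:// literals that are identifiers, not network destinations.
NAMESPACE_PREFIXES = ("http://www.w3.org/", "http://schemas.", "http://ns.adobe.com/")

URL_RE = re.compile(r"http://([A-Za-z0-9.\-]+|\[[0-9a-fA-F:]+\])(?::\d+)?(?:/[^\s'\"`)]*)?")
SECRET_PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "key_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]([A-Za-z0-9_\-]{16,})['\"]"),
}
SCAN_SUFFIXES = {".js", ".html", ".json"}


def cleartext_endpoints(text):
    """Distinct http:// URLs in `text` that would leave the machine unencrypted."""
    found = set()
    for m in URL_RE.finditer(text):
        url, host = m.group(0), m.group(1).lower()
        if host in LOOPBACK or url.startswith(NAMESPACE_PREFIXES):
            continue
        found.add(url)
    return sorted(found)


def hardcoded_secrets(text):
    """(kind, masked value) for every string shaped like a credential."""
    hits = []
    for kind, pat in SECRET_PATTERNS.items():
        for m in pat.finditer(text):
            value = m.group(1) if m.lastindex else m.group(0)
            hits.append((kind, value[:4] + "..." + value[-4:]))
    return hits


def scan_extension(root):
    """Map relative file path -> findings, for the files that have any."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.suffix not in SCAN_SUFFIXES or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        urls, secrets = cleartext_endpoints(text), hardcoded_secrets(text)
        if urls or secrets:
            report[str(path.relative_to(root))] = {"cleartext": urls, "secrets": secrets}
    return report


SAMPLE_BACKGROUND_JS = r"""
// Constructed sample: a service worker that phones home the way the
// extensions in the Symantec report did. The key and hosts are fake.
const apiKey = "AIza0123456789abcdefghijklmnopqrstuvwxy";
const ICON_NS = "http://www.w3.org/2000/svg";            // namespace, not a request
chrome.runtime.onInstalled.addListener(async () => {
  const machineId = crypto.randomUUID();
  await fetch("http://telemetry.example.net/install?mid=" + machineId);   // leak
  await fetch("https://api.example.net/v1/ping", { headers: { "x-key": apiKey } });
  await fetch("http://localhost:8080/dev");                // local dev hook, ignored
});
chrome.runtime.setUninstallURL("http://telemetry.example.net/uninstall");  // leak
"""


def build_sample_extension(root):
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "background.js").write_text(SAMPLE_BACKGROUND_JS, encoding="utf-8")
    (root / "manifest.json").write_text(
        '{"manifest_version": 3, "name": "Sample", "version": "1.0", '
        '"background": {"service_worker": "background.js"}}', encoding="utf-8")
    return root


def demo_report():
    """Build the constructed sample in a temp dir and scan it."""
    return scan_extension(build_sample_extension(tempfile.mkdtemp()))


def main(argv):  # usage: scan.py <unpacked extension dir>; no arg runs the sample
    report = scan_extension(argv[1]) if len(argv) > 1 else demo_report()
    for path, findings in report.items():
        for url in findings["cleartext"]:
            print(f"{path}: cleartext endpoint {url}")
        for kind, masked in findings["secrets"]:
            print(f"{path}: hard-coded {kind} {masked}")


if __name__ == "__main__":
    main(sys.argv)
```

A grep like this only catches literal URLs; an extension that assembles its endpoint from pieces, or loads it from a remote config, will not show up, which is exactly why Symantec's recommendation to watch the traffic on the wire is the stronger check. Treat the secret patterns as a starting set and extend them for the providers your extensions actually talk to.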
Yahoo
20-05-2025
- Business
- Yahoo
SentinelOne Rises 25% in a Month: Should You Still Buy the Stock?
SentinelOne's (S) shares have surged 25% in a month, outperforming the Zacks Security industry's return of 19.4% and the broader Zacks Computer and Technology sector's appreciation of 22.8%. The recent outperformance can be attributed to the company's strong AI-powered portfolio, rich partner base and expanding clientele despite stiff competition.

In the cybersecurity space, SentinelOne faces stiff competition from the likes of Okta (OKTA), Broadcom (AVGO) and Microsoft (MSFT). While Okta's main focus is identity management, Broadcom's Symantec is a traditional legacy antivirus suite. Microsoft's Defender suite is broadly integrated with its own operating system, lacking openness with third-party

SentinelOne's Singularity platform is fully AI-native and provides security at multiple levels, including endpoint, cloud, identity and data, through a single interface. Purple AI provides investigation, real-time threat detection and automated response through generative AI-powered security analysis, substantially reducing enterprises' response time. SentinelOne's modular and multi-cloud-compatible architecture gives it a first-mover advantage over its peers, as it offers a more modern and AI-driven solution to enterprises, leading the way into the

Even so, SentinelOne stock has underperformed its competitors over the past month: Okta, Broadcom and Microsoft shares have appreciated 37.7%, 37.5% and 26.5%, respectively, over the same period.

SentinelOne is expanding its reach in the market with an impressive partner base, which includes some of the top names in the industry, like Alphabet, Lenovo and Amazon Web Services (AWS), among others. S has integrated its services with platform solution providers like Palo Alto Networks, Fortinet, Okta and Microsoft to provide seamless security workflows to its end users. The Purple AI platform helps secure GenAI applications on Amazon Bedrock, whereas Singularity Cloud Workload helps secure AWS containerized workloads.

In fourth-quarter fiscal 2025, 12+ new large Managed Security Service Providers adopted SentinelOne's AI SIEM, CNAPP and Purple AI modules, enhancing recurring revenues. By the end of the previous quarter, the company had more than 14,000 direct customers and saw a 25% increase in customers with ARR exceeding $100,000. The total number of such customers stood at 1,411 by the end of January.

In April 2025, SentinelOne partnered with Nord Security to provide SMBs with an integrated endpoint and network security solution, increasing the revenue potential for both companies. In May 2025, SentinelOne received FedRAMP High Authorization for its Purple AI, Singularity Cloud Security CNAPP and Singularity Hyperautomation solutions. This authorisation gives the company the opportunity to sell its services to federal agencies, public sector and critical infrastructure organisations, driving top-line growth.

SentinelOne has provided positive guidance for the first quarter of fiscal 2026 and for fiscal 2026 as a whole. For the first quarter of fiscal 2026, the company expects revenues of around $228 million, indicating 22% growth year over year. For fiscal 2026, it expects revenues between $1.007 billion and $1.012 billion, implying 23% growth year over year. The Zacks Consensus Estimate for first-quarter fiscal 2026 revenues is pegged at $228.03 million, indicating 22.36% year-over-year growth, and the estimate for the full fiscal 2026 is pegged at $1.01 billion. SentinelOne currently carries a Zacks Rank #2 (Buy).

This article was originally published on Zacks Investment Research.


Forbes
08-05-2025
- Forbes
Play Ransomware Zero-Day Attacks — US, Saudi Arabia Have Been Targeted
Play ransomware exploited a Windows zero-day. The ransomware threat is far from over, despite the internal private communications of some cybercriminal gangs being leaked, snitches being offered big bucks for information on gang members, and the childishness of DOGE-trolling attackers demanding $1 trillion payments. If you want evidence of this, look no further than a recent report confirming a 5,365 ransomware rampage. Now it has been revealed that the Play ransomware has been used by cybercrime groups exploiting a Windows zero-day vulnerability in attacks across multiple countries, including the U.S., although not all of them were successful. Here's what you need to know.

A joint investigation by the Microsoft Threat Intelligence Center and the Microsoft Security Response Center found that a zero-day vulnerability in the Windows Common Log File System (CLFS) driver had been exploited by Play ransomware attackers before the elevation-of-privilege issue was fixed in the April Patch Tuesday security update. Targets included real estate and information technology organizations in the U.S., the retail sector in Saudi Arabia, and the software sector in Spain. Now the Symantec Threat Hunter Team has published an in-depth technical analysis of another, this time unsuccessful, Play ransomware attack exploiting the same CVE-2025-29824 zero-day against an as-yet-unnamed U.S. company.

The Microsoft threat report confirmed that the original attacks had been facilitated by the PipeMagic malware backdoor and attributed them to a threat actor tracked as Storm-2460, although no further information has been provided about this group. The Symantec Threat Hunter report, meanwhile, attributes the latest attack to a cybercrime group it tracks as Balloonfly, which is linked to multiple incidents involving Play ransomware deployed against businesses in North America, South America and Europe.

'While the use of zero-day vulnerabilities by ransomware actors is rare,' Symantec said, 'it is not unprecedented.' Symantec said the Balloonfly attack occurred before the Windows patch was released, which is what makes it a genuine zero-day. The good news is that a fix has been available since April, so, at the risk of stating the obvious, patch management is the best mitigation against falling victim to the Play ransomware menace. At least, that is, as far as this exploit route is concerned. CVE-2025-29824 is a use-after-free memory vulnerability in the Windows Common Log File System driver that allows an attacker who already has low-privileged local access to elevate their privileges. It does not by itself give an attacker a way onto the machine, so it is chained after an initial foothold; patching closes the escalation step, but the foothold still has to be found and removed.