Latest news with #LayerXSecurity
Techday NZ
5 days ago
- Business
- Techday NZ
ExtensionPedia launches with risk scores for 200K browser add-ons
LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions. The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions. Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI. One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations. Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures. Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft." He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves." ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers. Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors. Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity. Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation. ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.
Yahoo
21-03-2025
- Yahoo
Mac users are being targeted by a vicious new phishing scam. Here's how to stay safe
There's a well-known myth that Macs are somehow invulnerable to viruses, phishing attempts, hackers and the like. You might have heard it before, or maybe you even believe it yourself. Unfortunately, it's far from true. Because while Windows users face more threats than their Mac counterparts, that doesn't mean that Mac users should get complacent. That point has just been perfectly illustrated by a new phishing scam that is specifically targeting Macs. It's so advanced, in fact, that LayerX Security, the firm that has been tracking the attack, has said that similar campaigns 'have rarely reached this level of sophistication.' On first glance, the attack sounds straightforward enough: the attackers launch a spoof pop-up window warning you that your computer is under attack. These popups appear on 'typosquatted' websites — that is, malicious websites with URLs that are very similar to the real thing, such as one that deliberately misspells They're designed to look like the sites they're impersonating so that victims don't get suspicious and back out before it's too late. Many of us have seen popups like these and know to ignore them. But this attack goes a step further by using some nefarious code to freeze your browser window. The goal is to manipulate you into thinking that your browser really has been compromised — after all, it's seemingly no longer working. Once that's done, the popups present a fake login window that is designed to steal your Apple Account credentials. Once you fill in your username and password, the hackers have access to everything locked behind your Apple Account's protected front door. And if that doesn't do the trick, the popups also display a phone number that the hackers control, which will connect you to someone who will attempt to steal your login credentials. It's a clever trick that could well fool an unsuspecting user. And interestingly, it's one that has recently been adapted to specifically target Apple fans rather than computer users in general. Initially, this scam was aimed squarely at Windows users. Its phishing pages were hosted on servers, which lent credence to the pages since their URLs appeared to be connected to Microsoft. However, Microsoft updated its Edge browser to combat this trick, and similar updates have rolled out to Chrome and Firefox. This stopped 90% of the attacks on Windows PCs, LayerX believes. That didn't put the hackers off, though. Since then, the attackers have shifted focus to the Mac, as Safari apparently has not been covered by the security updates. As a result, the hackers adjusted their campaign so that the popups now look legitimate to Mac users. For instance, the popups now claim to be an 'Apple Security warning' and state that 'MacOS has been locked due to unusual activity.' That shows clearly that attackers are not afraid to target Mac users with their malicious campaigns. If macOS appears to be unprotected in some way, hackers will quickly adapt their tools to take advantage. As a Mac user, that means you need to be prepared. If you're concerned about your safety online when using a Mac, there are a few things you can do to stay safe. Firstly, always ensure you have correctly typed a website address before you visit it. This attack relied on misspelled web addresses being entered into your browser, so be sure that everything is as it should be before you hit Return. You should also install an antivirus app on your Mac, as many can detect this kind of phishing scam. Antivirus apps don't slow down your Mac anywhere near as much as they used to, and there's no compelling reason not to use one. The benefits far outweigh the drawbacks. Next, if you see a popup claiming that your browser is infected, don't panic. Hackers want to rush you into a decision before you can think straight. Take a breath and think about what to do. That means you shouldn't enter your account details into a suspicious popup window, and don't call an unknown number claiming to be for a company's official support team. If you need to contact Apple support, be sure to do it at the official, correctly spelled website. And finally, remember that Macs are not invulnerable to hackers and phishing attempts. Stay on your guard online and you will stand a strong chance of staying safe.
