Fortunately, the two Firefox bugs, which were chained into one single exploit and deployed against Coinbase employees, was detected by Coinbase staffers. If successful, a hacker could have gained access to the Coinbase backend network and used this access to steal funds from the exchange -- a tactic that has been used numerous times in the past and has led to gigantic losses at many cryptocurrency exchanges before.
According to indicators of compromised shared by Martin, attackers would send a spear-phishing email luring victims to a web page, where, if they used Firefox, the page would download and run an info-stealer on their systems that would collect and exfiltrate browser passwords, and other data. The attack was tailored for both Mac and Windows users, alike, with different malware for each OS. Mozilla released on Tuesday Firefox Earlier today, these fixes were also merged into the Tor Browser with the release of v8.
Updated on June 20, ET: Mozilla has released a patch for the second zero-day described in this article. Users can update to Firefox Best cheap vacuum cleaner Affordable and reliable too. What can you do with an MBA?
Best MagSafe accessories Chargers, portable batteries, car mounts, and more. Best foldable phones You'll flip for Samsung. Best Mac app 10 essential tools. You agree to receive updates, promotions, and alerts from ZDNet. You may unsubscribe at any time. And we implored you to switch to a private browser , finally. But back to war.
We went in-depth on the message the US is sending Russia about its nuclear experiments: Do as we say, not as we do. Click on the headlines to read the full articles, and be safe out there.
This week, it came out that currency exchange Coinbase successfully fought off an attack that targeted its employees in an apparent attempt to do just that.
The attack, according to ZDNet, exploited two zero-day bugs in Firefox. The first zero-day made headlines midweek when Mozilla confirmed that it had patched a bug which would allowed hackers to gain remote access to a Firefox browser and execute code. In order for that first bug to work, though, hackers needed a second bug to let it execute the code. Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.
When Customs and Border Protection confirmed last week that one of its biometric surveillance contractors had been breached, it apparently underplayed how bad the situation was. And to be honest, it already sounded bad. At the time, the agency said that , images of faces and license plates of immigrants, citizens, and asylum seekers had been stolen and leaked online, but that none had shown up on the dark web.
Now The Washington Post says there is actually far more sensitive information from the breach spreading across the internet.
0コメント