A cute cover for a dangerous vulnerability. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 18 January 2025

⏱️ 22 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking. Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms. The research can be found here: “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.5	And now a message from our sponsor, Z-Scaler, the leader in cloud security.
0:17.2	Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024.
0:31.1	These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors,
0:38.0	more easily than ever, with AI tools.
0:40.9	It's time to rethink your security.
0:43.4	Z-scaler Zero Trust Plus AI stops attackers
0:47.0	by hiding your attack surface,
0:49.3	making apps and IPs invisible,
0:51.7	eliminating lateral movement,
0:53.5	connecting users only to specific apps, not the
0:56.5	entire network, continuously verifying every request based on identity and context, simplifying security
1:03.8	management with AI-powered automation, and detecting threats using AI to analyze over 500 billion
1:10.7	daily transactions.
1:12.6	Hackers can't attack what they can't see.
1:14.8	Protect your organization with Z-Scaler, Zero Trust, and AI.
1:19.6	Learn more at Z-scaler.com slash security.
1:27.1	Music Hello, everyone, and welcome to the CyberWires Research Saturday. I'm Dave Bittner, and this is our weekly
1:40.8	conversation with researchers and analysts tracking down the threats and vulnerabilities,
1:46.0	solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.
1:51.8	Thanks for joining us.
1:58.7	If you're already there under the hood or ROMUM, you find some stuff that look suspicious or look like vulnerable for exploitation.
	...

Transcript will be available on the free plan in -27 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.