Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools. [TechWeb]( Follow Dark Reading: [RSS]( August 02, 2022 LATEST SECURITY NEWS & COMMENTARY [Chromium Browsers Allow Data Exfiltration via Bookmark Syncing]( "Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools. [DoJ: Foreign Adversaries Breach US Federal Court Records]( A Justice Department official testifies to a House committee that the cyberattack is a "significant concern." [Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat]( Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company. [For Big Tech, Neutrality Is Not an Option — and Never Really Was]( Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [8 Hot Summer Fiction Reads for Cybersecurity Pros]( A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts. [ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More]( Dark Reading's digest of other "don't-miss" stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move. [Getting Ahead of Supply Chain Attacks]( Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful. [APT-Like Phishing Threat Mirrors Landing Pages]( By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. [MORE]( EDITORS' CHOICE [Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info]( The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository. LATEST FROM THE EDGE [Name That Edge Toon: Up a Tree]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Credential Canaries Create Minefield for Attackers]( Canary tokens — also known as honey tokens — force attackers to second-guess their potential good fortune when they come across user and application secrets. WEBINARS - [Ransomware Resilience and Response: The Next Generation]( When ransomware locks up your business's critical data and essential gear, there is no time to figure out what to do. There is only time to act - without panicking. That's why a good ransomware response playbook is essential: Do ... - [Assessing Cyber Risk]( Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Sumo Logic for Continuous Intelligence]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Risks of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics]( [OneTouchPoint, Inc. Provides Notice of Data Privacy Event]( [Siemens Energy Takes Next Step to Protect Critical Infrastructure]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)