Web Browser Extensions, WordPress Exploit, and The Unceremonious End of Adobe Flash

We hope you and your employees have a happy and safe Christmas holiday this year!  With your help, your network can stay safe too – take care to avoid these malware schemes, which are circulating during the last two weeks of 2020.

 

Web Browser Add-ons Are a Growing Source of Malware

While most people know not to run an executable file from an untrusted website, many don’t think twice about downloading an web browser or social media extension.  These are becoming a larger source of malware distribution, however, and extensions with known malware have been downloaded tens of millions of times.  Most alarmingly, the extensions don’t necessarily have the malware embedded at the time they’re downloaded.

The malware developer creates an extension that adds useful features, such as the ability to download videos from social media sites.  Once the product has thousands (or hundreds of thousands) of downloads, the developer updates it to include malware that can steal information from the user and forward it to the developer.

Learn more at Dark Reading

 

WordPress Plugin Vulnerable to Attack

WordPress is the most popular website publishing platform in the world.  Contact Form 7 is one of the most popular add-ons, with millions of sites using it for contact form functionality.  If your company’s website uses Contact Form 7, you’ll want to make a recently released security patch has been applied, because a recent vulnerability allows websites using Contact Form 7 to be taken over.

Once taken over, A site can be used to host malware or to redirect unsuspecting visitors to other sites hosting malware.  In fact, the vulnerability can allow the entire server hosting the website to be taken over, allowing far more than one website to be affected.

Read more at BleepingComputer

 

Adobe Flash Reaches End-of-Life

After an 24 year run, Adobe Flash is no longer receiving security updates.  Adobe has updated Flash to request that users uninstall the program, and the Flash app will no longer run any Flash content after the end of this year.  It was already disabled by default in all major web browsers, in part because of its long-term reputation as a major target of malware exploits.

Read more at ZDNet