The breach occurred when an employee was tricked by a phishing email, leading to their credentials being compromised. This allowed the attacker to post a malicious version of Cyberhaven’s Chrome extension (version 24.10.4) on the Chrome Web Store. The affected version was active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26, impacting users whose browsers automatically updated during this period.
Cyberhaven’s CEO, Howard Ting, praised the rapid response of the company’s security team, which detected the compromise late on Christmas Day and removed the malicious extension within an hour. “I’m proud of how quickly our team reacted, prioritizing our customers and acting transparently in line with our values,” Ting stated.
While no other systems, such as Cyberhaven’s CI/CD processes or code signing keys, were affected, users’ cookies and authenticated sessions for certain websites may have been exfiltrated. Cyberhaven is urging users to update their extensions to version 24.10.5 or newer, review logs for unusual activity, and reset any passwords that do not adhere to FIDOv2 standards.
This incident serves as a stark reminder that even trusted systems can be compromised through phishing. It underscores the importance of maintaining robust cybersecurity practices and staying vigilant, especially during periods like the holidays, when threat actors often exploit potential vulnerabilities.
Source: TechRadar
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.