
SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

by CyberNewswire | 4m | 2024/12/30

Too Long; Didn't Read

A malicious version of Cyberhaven's browser extension was published on the Chrome Store, allowing the attacker to hijack authenticated sessions and exfiltrate confidential information. The extension was available for download for more than 30 hours before being removed by Cyberhaven.

PALO ALTO, Calif., USA, December 30th, 2024 / CyberNewsWire / -- SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security.

About a week ago, SquareX reported large-scale attacks targeting Chrome extension developers, aimed at taking over their Chrome extensions on the Chrome Store.

On December 25th, 2024, a malicious version of Cyberhaven's browser extension was published on the Chrome Store, allowing the attacker to hijack authenticated sessions and exfiltrate confidential information.

The malicious extension was available for download for more than 30 hours before being removed by Cyberhaven. The data loss prevention company declined to comment on the extent of the impact when approached by the press, but the extension had over 400,000 users on the Chrome Store at the time of the attack.


Unfortunately, the attack took place after SquareX's researchers had identified a similar attack, with a video demonstrating the entire attack pathway, just a week before the Cyberhaven breach.

The attack begins with a phishing email impersonating the Chrome Store and claiming a violation of the platform's "Developer Agreement", urging the recipient to accept the policies to prevent their extension from being removed from the Chrome Store.

Upon clicking the policy button, the user is prompted to connect their Google account to a "Privacy Policy Extension", which grants the attacker access to edit, update and publish extensions on the developer's account.

Figure 1. Phishing email targeting extension developers

Figure 2. Fake Privacy Policy Extension requesting access to "edit, update or publish" the developer's extension.

Extensions have become an increasingly popular way for attackers to gain initial access.

This is because most organizations have limited visibility into which browser extensions their employees are using. Even the most rigorous security teams do not usually monitor subsequent updates once an extension has been whitelisted.

SquareX has conducted extensive research and demonstrated at DEFCON 32 how MV3-compliant extensions can be used to steal video, add a silent GitHub collaborator, and steal session cookies, among others.

Attackers can create a seemingly harmless extension and later convert it into a malicious one after installation or, as demonstrated in the attack above, deceive the developers behind a trusted extension to gain access to one that already has hundreds of thousands of users.

In Cyberhaven's case, the attackers were able to steal company credentials across multiple websites and web apps through the malicious version of the extension.

Because developer emails are publicly listed on the Chrome Store, it is easy for attackers to target thousands of extension developers at once.

These emails are typically used for bug reporting. Thus, even support emails listed for extensions from larger companies are usually routed to developers who may not have the level of security awareness required to become suspicious of such an attack.

With SquareX's attack disclosure and the Cyberhaven breach occurring within a span of less than two weeks, the company has strong reason to believe that other browser extension providers are being attacked in the same way. SquareX urges companies and individuals alike to conduct a careful inspection before installing or updating any browser extensions.

Figure 3. Contact details of extension developers are publicly available on the Chrome Store


The SquareX team understands that it can be non-trivial to evaluate and monitor every single browser extension in the workforce amid all the competing security priorities, especially when it comes to zero-day attacks.

As demonstrated in the video, the fake privacy policy app involved in Cyberhaven's breach was not detected by any popular threat feeds.

SquareX's Browser Detection and Response (BDR) solution takes this complexity off security teams by:

  • Blocking OAuth interactions with unauthorized websites to prevent employees from accidentally giving attackers unauthorized access to your Chrome Store account
  • Blocking and/or flagging any suspicious updates containing new, risky permissions
  • Blocking and/or flagging any suspicious extensions with a surge of negative reviews
  • Blocking and/or flagging installations of sideloaded extensions
  • Streamlining all requests for extension installations outside the authorized list for quick approval based on company policy
  • Full visibility into all extensions installed and used by employees across the organization
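The update check named in the second bullet, which also addresses the earlier point that updates to an already approved extension are rarely reviewed, can be approximated by diffing manifests. This is an added example, not SquareX's product logic or code from the release; the risk lists, function names and both sample manifests are constructed assumptions.

```javascript
// Added example: compare an update's manifest with the approved version.
// The risk lists and both sample manifests are constructed assumptions.
const RISKY_API = new Set(["cookies", "webRequest", "scripting", "tabs",
  "debugger", "nativeMessaging", "history", "declarativeNetRequest"]);
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect every API permission and host pattern a manifest (MV2 or MV3) requests.
function requested(manifest) {
  const api = new Set(), hosts = new Set();
  const lists = [manifest.permissions, manifest.optional_permissions,
    manifest.host_permissions, manifest.optional_host_permissions];
  for (const p of lists.flatMap((l) => l || [])) {
    if (typeof p !== "string") continue; // ignore malformed entries
    // Host match patterns contain "://" or are the literal "<all_urls>".
    (p.includes("://") || p === "<all_urls>" ? hosts : api).add(p);
  }
  // Content-script match patterns also widen where the extension's code runs.
  for (const cs of manifest.content_scripts || [])
    for (const m of cs.matches || []) hosts.add(m);
  return { api, hosts };
}

// Returns what the candidate adds and a verdict: allow, review or block.
function diffUpdate(approved, candidate) {
  const before = requested(approved), after = requested(candidate);
  const newApi = [...after.api].filter((p) => !before.api.has(p)).sort();
  const newHosts = [...after.hosts].filter((h) => !before.hosts.has(h)).sort();
  const risky = [...newApi.filter((p) => RISKY_API.has(p)),
    ...newHosts.filter((h) => BROAD_HOSTS.has(h))];
  const changed = newApi.length + newHosts.length > 0;
  return { newApi, newHosts, risky,
    verdict: risky.length ? "block" : changed ? "review" : "allow" };
}

// Constructed manifests: the approved version and an update that widens access.
const approvedManifest = { manifest_version: 3, version: "1.0.0",
  permissions: ["storage", "alarms"],
  host_permissions: ["https://app.example.com/*"] };
const updateManifest = { manifest_version: 3, version: "1.0.1",
  permissions: ["storage", "alarms", "cookies"],
  host_permissions: ["https://app.example.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["content.js"] }] };

console.log(diffUpdate(approvedManifest, updateManifest));
```

An `allow` verdict only means the permission surface is unchanged; an update that changes code within permissions the extension already holds needs a content diff of the package as well.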


SquareX founder Vivek Ramachandran cautions: “Identity attacks targeting browser extensions similar to this OAuth attack will only become more prevalent as employees rely on more browser-based tools to be productive at work. Similar variants of these attacks have been used in the past to steal cloud data from apps like Google Drive and One Drive and we will only see attackers get more creative in exploiting browser extensions. Companies need to remain vigilant and minimize their supply chain risk without hampering employee productivity by equipping them with the right browser native tools.”

About SquareX:

SquareX helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time.

SquareX's industry-first Browser Detection and Response (BDR) solution takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats such as malicious QR codes, browser-in-the-browser phishing, macro-based malware, and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

With SquareX, enterprises can provide contractors and remote workers with secure access to internal applications and enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

Contact

Head of PR

Junice Liew

SquareX

[email protected]

This story was distributed as a release by Cybernewswire under HackerNoon's Business Blogging Program. Learn more about the program here



