Cyberhaven, a data-loss prevention startup, has confirmed a security breach involving its Google Chrome browser extension. Hackers managed to release a malicious update capable of stealing user passwords and session tokens.

What Happened: The breach was confirmed by Cyberhaven on Friday, although specifics were not disclosed. The email, shared by security researcher Matt Johansen, revealed that a company account was compromised to release the malicious update on Dec. 25.

This update allowed sensitive data to be extracted to the attacker’s domain.

The company stated that its security team identified the breach on December 25 and removed the malicious extension from the Chrome Web Store, replacing it with a …

Full story available on Benzinga.com

Cyberhaven, a data-loss prevention startup, has confirmed a security breach involving its Google Chrome browser extension. Hackers managed to release a malicious update capable of stealing user passwords and session tokens.

What Happened: The breach was confirmed by Cyberhaven on Friday, although specifics were not disclosed. The email, shared by security researcher Matt Johansen, revealed that a company account was compromised to release the malicious update on Dec. 25.

This update allowed sensitive data to be extracted to the attacker’s domain.

The company stated that its security team identified the breach on December 25 and removed the malicious extension from the Chrome Web Store, replacing it with a …

Full story available on Benzinga.com

 Cyberhaven, a data-loss prevention startup, has confirmed a security breach involving its Google Chrome browser extension. Hackers managed to release a malicious update capable of stealing user passwords and session tokens.
What Happened: The breach was confirmed by Cyberhaven on Friday, although specifics were not disclosed. The email, shared by security researcher Matt Johansen, revealed that a company account was compromised to release the malicious update on Dec. 25.
This update allowed sensitive data to be extracted to the attacker’s domain.
The company stated that its security team identified the breach on December 25 and removed the malicious extension from the Chrome Web Store, replacing it with a …Full story available on Benzinga.com   Read Morebenzinga neuro, Consumer Tech, Cybersecurity, Google, Google Chrome, News, Software & Apps, Tech, News, Tech, Benzinga News