Researchers Find More Malicious Brower Extensions in Chrome Web Store

Today’s topics include Google removing 89 malicious browser extensions from the Chrome web store; Oracle’s Autonomous Database competing with cloud leaders; Pwn2Own 2018 expanding its targets and offering $2 million in prizes; and Microsoft extending Windows 10 support for businesses and schools.

As it has done many times over the past year, Google has removed 89 browser extensions, collectively dubbed Droidclub, from its official Chrome web store after security vendor Trend Micro identified them as being malicious on Feb. 1. Google has also disabled the rogue extensions from running on the devices of over 420,000 Chrome users whose browsers were infected with the malware.

The extensions were being used to inject ads and cryptocurrency mining tools into websites that the victims visited, and contained keylogging code to record all the actions that a user might take, including keystrokes, mouse clicks and scrolling actions.

The code also gave attackers a way to steal data that a user might enter into a web form, including credit and debit card numbers, CVV codes, phone numbers and email addresses.

Cloud computing was a central theme of Oracle’s supply chain conference Jan. 29-31. While Oracle trails market leaders Amazon Web Services and Microsoft Azure, Senior Vice President Steve Daheb said Oracle is beating the competition in some areas.

“If you look at our cloud-based apps, we’ve had great success with [software-as-a-service), [platform-as-a-service] and [infrastructure-as-a-service],” Daheb told eWEEK. A major way Oracle will win over new cloud accounts is with its Autonomous Database announced last October, he said. Oracle is promising it will do all the maintenance to its cloud-based enterprise database, and updates, patches, provisioning and tuning will be delivered automatically.

Daheb said moving to the cloud for Oracle isn’t just about saving money and reducing IT infrastructure. Like other cloud providers, Oracle can deliver its latest innovations automatically via updates, including the latest advances in machine learning, artificial intelligence and even blockchain.

The next Pwn2Own hacking competition run by Trend Micro's Zero Day Initiative will take place March 14-16 with a record total prize pool of $2 million.

Pwn2Own is a contest in which security researchers attempt to demonstrate previously undisclosed zero-day vulnerabilities in software, with successful attempts being rewarded with cash prizes. There are typically two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies.

The March event will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category. VMware and Microsoft are co-sponsoring the event.

Microsoft is giving its enterprise and education customers a little more time before their older versions of Windows 10 begin slipping out of support.

Microsoft provides a major feature update twice a year, but many commercial customers don't update to these Semi-Annual Channel releases right away. They can defer major updates by up to 365 days using Windows Update for Business, but the 18-month countdown until each Windows 10 feature update reaches the end of support keeps ticking away. So on Feb. 1, Microsoft announced it will give "an additional six months of servicing for the Enterprise and Education editions of Windows 10, versions 1607, 1703, and 1709."

Under the new scheme, Windows 10 version 1607, also known as the Anniversary Update, will no longer be supported on Oct. 9, six months after its original April 10 end-of-support date. The Creators Update and Fall Creators Update have new end-of-support dates of April 9, 2019, and Oct. 8, 2019, respectively.