fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Opera Browser Working on Clipboard Anti-hijacking Feature

Opera Browser Working on Clipboard Anti-hijacking Feature

The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping.

Opera introduced the new feature in development version 83, and Bleeping Computer has tested it on developer version 84, where it’s still present.

Also Read: Top 3 Common Data Protection Mistakes, Revealed

Locking and monitoring

Paste Protection works automatically, monitoring the clipboard for sensitive data and locking it once it is added.

When the user copies a sensitive piece of information, a pop-up appears on the right corner to warn them that the content has been secured.

According to the few details the developers shared at this early development phase, the browser will display a new warning if an external application manages to change the clipboard content.

At this point, Opera hasn’t disclosed precisely which data and in what form is identified as sensitive, so we resorted to testing.

IBAN and Bitcoin wallet addresses qualify as sensitive data that require protection, but strangely, credit card numbers, email addresses, long passwords, and SSNs aren’t treated as such.

Warning on IBAN added onto clipboard
Warning on IBAN added onto clipboard
Bitcoin wallet address copy triggers Paste Protection
Copying Bitcoin wallet address triggers Paste Protection

More types of data will likely be added to the Paste Protection monitoring scheme when the feature is ready to be rolled out in future stable Opera versions.

The latest available Opera stable version is 82, so the new security feature may land on the next release, scheduled for January 2022.

Also Read: The Financial Cost of Ransomware Attack

We have reached out to Opera to learn more about the upcoming feature, and we will update this post as soon as we have a response.

Why Clipboard protection is important

Clipboard protection is an important security feature that all web browsers should copy as it protects users from various malware infections that attempt to hijack a clipboard.

Clipboard hijackers are malware that replaces a copied cryptocurrency wallet address, which is the intended payment destination, with one controlled by the threat actor. Most people don’t memorize cryptocurrency addresses, so the coins or tokens will be sent to the threat actors’ wallets. Users only realize the mistake when the assets don’t appear at the intended address.

However, it’s too late by then, and there is no way to recover the funds.

Secondly, information disclosure through clipboard data capturing is a common feature in many information-stealers, so that the data exfiltration channel is also shut.

Even if Opera’s new feature finds widespread adoption among other browsers, it is still advisable to manually validate the contents of pasted data, especially when performing financial transactions.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us