CyberNews Briefs

Evernote Critical Flaw Opened Personal Data of Millions to Attack

Gaurdio researchers recently uncovered a major cross site scripting (XSS) flaw in the Chrome extension for the popular note-taking app Evernote. The vulnerability made it possible for threat actors to steal highly sensitive data belonging to more than 4.6 million users.

By exploiting the flaw, attackers could obtain unauthorized “access to social media (reading and posting content), financial transaction history, private shopping lists, and more.” Gaurdio disclosed the flaw to Evernote at the end of may, prompting the firm to issue a patch on June 4.

Read more: Evernote Critical Flaw Opened Personal Data of Millions to Attack

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.