Evernote is a note-taking tool, archiving service and organizer in one, and these are just a few of the things this amazing platform is capable of doing. Users can stack notebooks of notes, add reminders, share web content, make a task list, track expenses, integrate with email and more.
A hacker could use the information in Evernote to construct a picture of the user – their spending patterns, friends, relatives, coworkers, daily habits, mother’s maiden name, social security numbers, passport numbers and so much more.
Security researchers have discovered a critical flaw in the Evernote Web Clipper Chrome extension which could allow potential attackers to access a user's personal information from third-party services online.
The vulnerability, a Universal Cross-site Scripting (UXSS) flaw tracked as CVE-2019-12592, was discovered by the security company Guardio as part of its ongoing security analysis efforts using a combination of its own internal technology and researchers.
A full 4.6 million people were at risk!
A hacker with access to this information may not need much more if they find passwords and usernames.
If not, they can use social engineering to target users. They can send relevant emails that a user is likely to click on.
Once a user clicks and enters credentials, the attacker can get access to the user's account. This technique can be used to target others within the organization as well.
They can steal money, install ransomware and do lots of other malicious things.
Stay safe: use Phish360 or another service to send fake phishing emails and train users who click.
General cybersecurity training should be provided regularly to any Evernote users and everyone else in the company.
One other important point is that web extensions are yet another way hackers can get into your corporate systems. Having an enforceable policy on browser add-ons is important and should be considered in every organization.
Please read Cybersecurity Essentials For Every Business for the latest ideas on how your business can stay safe online.