Home - Article

Featured Article

June 14, 2019

Evernote Flaw is a Social Engineering Goldmine


Evernote is a note-taking tool, archiving service and organizer in one and these are just a few of the things this amazing platform is capable of doing. Users can stack notebooks of notes, add reminders, share web content, make a task list, track expenses, integrate with email and more.

A hacker could use the information in Evernote to construct a picture of the user – their spending patterns, friends, relatives, coworkers, daily habits, mother’s maiden name, social security numbers, passport numbers and so much more.

Security researchers have discovered a critical flaw in the Evernote Web Clipper Chrome extension which could allow potential attackers to access a users' personal information from third party services online.

The vulnerability, a Universal Cross-site Scripting (UXSS) referred to as CVE-2019-12592, was discovered by the security company Guardio as part of its ongoing security analysis efforts using a combination of its own internal technology and researchers.

A full 4.6 million people were at risk!

A hacker having access to this information may not need much more if they find passwords and user names.

If not, they can use social engineering to target users. They can send relevant emails, a user is likely to click on.

Once a user clicks and enters credentials, they are able to get access to their account. This technique can be used to target others within the organization as well.

They can steal money, install ransomware and do lots of other malicious things.

Stay safe - Use Phish360 or another service to send fake phishing emails and train users who click.

General cybersecurity training should be done regularly, to any Evernote users and everyone else in the company.

One other important point is web extensions are yet another way hackers can get into your corporate systems – having a policy which is enforceable with regards to browser add-ons is important and should be considered in every organization.

Please read Cybersecurity Essentials For Every Business for the latest ideas on how your business can stay safe online





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!