All five extensions discovered by McAfee behave with the web app manifest (“manifest.json” file), which dictates how the extension should behave on the system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the attackers control (“langhort[.]com”).The data is delivered through via POST requests each time the user visits a new URL. The info reaching […]
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.
Observer: “Probably to avoid answering questions about Facebook’s cover-up of the Cambridge Analytica data breach Facebook has settled for an undisclosed sum this case just days away from Mark Zuckerberg being cross-examined under oath for six hours.”
Propietary software and technical information stolen of LastPass. No effects according to LastPass on 33 million active end-users and more than 100.000 businesses. LastPass says to update customers with transparency. Up2now LastPass didn’t elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that the break-in had no impact […]
Oracle is an important part of the tracking and data industry. It has claimed to have amassed detailed dossiers on 5 billion people, and generates $42.4 billion in annual revenue. Oracle’s dossiers about people include names, home addresses, emails, purchases online and in the real world, physical movements in the real world, income, interests and […]
iOS Apps that have their own In-App Browser, but what does it do with your privacy? Does the app: – provide a button to open the currently shown link in the default browser?– inject JavaScript code into third party websites to modify its content? This includes adding tracking code (like inputs, text selections, taps, etc.), […]
Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. An attacker can exploit the flaw by sending specially crafted messages to the web server […]
African governments, large corporates, and tech entrepreneurs have embraced the West’s vision of a universal identity system. With support from the World Bank’s Identification for Development (ID4D) programme, governments across Africa have foisted elaborate and expensive biometric ID schemes on citizens and residents with little pushback from civil society. Both the World Bank and digital […]
A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including geolocation, address, and recordings.
The built in web browser of Meta for the iPhone Facebook and Instagram applications can collect far more information about users than they probably realize. It can “track every single interaction with external websites,” according to a developer.