How to collect data for ADC Gateway, Storefront, and VDA issues

To provide a comprehensive guide on how to properly collect data for issues with ADC when these issues are related to Gateway, Storefront, or VDA connectivity issues...

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

A popular iOS software development kit SDK used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk...

Hyperledger: The “payload” Field of Transactions in a Block Reveals the Private Data to All Peers

To whom it may concern, We are a research group conducting research on Hyperledger Fabric 2.0. We find a design flaw about the “payload” field of transactions, which can reveal the Private Data to all peers in one channel. When a client invokes a function to read the private data, the is stored i...

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

TikTok has been collecting unique identifiers from millions of Android devices without their users’ knowledge using a tactic previously prohibited by Google because it violated people’s privacy, new research has found. Click to register! The app concealed the practice, which can track users onlin...

How Facebook and Other Sites Manipulate Your Privacy Choices

Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data...

CVE-2020-15593

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...

DJI Drone App Riddled With Privacy Issues, Researchers Allege

Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One includes that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. The...

Researchers Reveal New Security Flaw Affecting China's DJI Drones

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations DJI that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...

Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the publi...

New Android Malware Now Steals Passwords For Non-Banking Apps Too

BlackRock does the data collection by abusing Android's Accessibility Service privileges, for which it seeks users' permissions under the guise of fake Google updates when it's launched for the first time on the device, as shown in the shared screenshots. Subsequently, it goes on to grant itself...

The vulnerability of the EKOM-3000 data collection and transmission device, which arises due to insufficient verification of input data, allows a perpetrator to cause temporary service interruption of the device’s web service.

The vulnerability of the ECOOM-3000 data collection and transmission device exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to temporarily disrupt the web service of the device’s operation...

The vulnerability of the EKOM-3000 data collection and transmission device, related to the use of pre-set account data, allows a perpetrator to gain access to the device.

The vulnerability of the ECOM-3000 data collection and transmission device is related to the use of pre-set credentials. Exploiting this vulnerability could allow a remote attacker to gain access to the device...

The vulnerability of the EKOM-3000 data collection and transmission device lies in the lack of protection for transmitted data, allowing unauthorized access to protected information by intruders.

The vulnerability of the ECOM-3000 data collection and transmission device lies in the lack of protection for the transmitted data. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...

Over 100 New Chrome Browser Extensions Caught Spying On Users

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors. Awake Security, which disclosed the findings late last...

How To Stop Instagram From Tracking Everything You Do

Though the Facebook-owned app doesn't give users complete control, there are ways to limit the data it collects and the types of ads you see...

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework How it works? 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone...

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose,...

Exploit for OS Command Injection in Exim

Exim CVE Data Collection Data Collection Related to Exim Vuln...

Google Location Tracking Lambasted in Arizona Lawsuit

Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means – and claiming that Google makes it nearly “impossible” for users to opt out of such data tracking. The lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Goog...

Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App

The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens – eschewing the API model proposed by Apple and Google in April. The app is called “Healthy Together” and it was created by a startup calle...