Lucene search
K

189 matches found

The Hacker News
The Hacker News
added 2021/02/06 10:30 a.m.3 views

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 10:30 a.m.115 views

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google,...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/20 10:48 a.m.42 views

Google’s Waze Can Allow Hackers to Identify and Track Users

A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...

1.5AI score
Exploits0References8
OSV
OSV
added 2020/09/11 9:9 p.m.10 views

GHSA-R863-P739-275C Malicious Package in reuest

All versions of reuest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process wa...

9.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2020/09/02 9:30 p.m.10 views

GHSA-PM9V-325F-5G74 Malicious Package in saync

All versions of saync typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was...

9.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2020/09/02 8:33 p.m.10 views

GHSA-H44F-769Q-J6PX Malicious Package in requet

All versions of requet typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process wa...

9.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2020/09/02 8:25 p.m.12 views

GHSA-6C37-2RW5-9J7X Malicious Package in requesst

All versions of requesst typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process...

9.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2020/09/02 6:34 p.m.9 views

GHSA-X6CH-C6RV-F7WH Malicious Package in asymc

All versions of asymc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was...

9.8CVSS6.8AI score
Exploits0References1
CNVD
CNVD
added 2020/05/19 12:0 a.m.4 views

OpenTrace has an unspecified vulnerability

OpenTrace is an implementation of the BlueTrace Epidemiology Contact Tracking Privacy Protection Protocol. A security vulnerability exists in OpenTrace used in COVIDSafe 1.0.17 and earlier versions, TraceTogether and ABTraceTogether and other apps iOS and Android, which can be exploited by a remo...

9.8CVSS6.9AI score0.05142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/05/07 4:39 a.m.49 views

CVE-2019-10638

A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a nethashmix function. A remote user could observe a weak IP ID generation in this field to track Linux devices...

6.5CVSS2.8AI score0.02571EPSS
Exploits0References4
Veracode
Veracode
added 2020/04/10 12:43 a.m.46 views

Insecure Randomness

firefox is vulnerable to insecure randomness. The vulnerability exists as a flaw was found in the Firefox Math.random function. This function could be used to identify a browsing session and track a user across different websites...

4.9CVSS2.7AI score0.01141EPSS
Exploits1References31Affected Software7
Schneier on Security
Schneier on Security
added 2020/02/10 12:6 p.m.30 views

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the we...

0.3AI score
Exploits0
NVD
NVD
added 2019/12/18 6:15 p.m.19 views

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

3.3CVSS2.7AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.26 views

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

2.8AI score0.00334EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2019/12/15 12:0 p.m.44 views

5G Is More Secure Than 4G and 3G—Except When It’s Not

The next-generation wireless networks make it harder to track and spoof users, but security holes remain because devices still connect to older networks...

2.3AI score
Exploits0
Hacker One
Hacker One
added 2019/10/26 9:18 a.m.80 views

Imgur: De-anonymization Attack: Cross Site Information Leakage

Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks xsleaks and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...

Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/08/11 5:21 a.m.79 views

Dating apps that track users from home to work and everywhere in-between

TL;DR We were able to precisely locate and track the users of four major dating apps, potentially putting at risk 10 million users This risk level is elevated for the LGBT+ community who may use these apps in countries with poor human rights where they may be subject to arrest and persecution. Ap...

6.5AI score
Exploits0
Veracode
Veracode
added 2019/05/31 1:29 a.m.10 views

Malicious Package

saync is a malicious package which typosquatted a popular package with a similar name. It tracks user information such as name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo and uploaded the information to a remote server...

6.5AI score
Exploits0
Node.js
Node.js
added 2019/05/06 2:18 p.m.11 views

Malicious Package

Overview All versions of requst typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:16 p.m.16 views

Malicious Package

Overview All versions of reequest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder