189 matches found
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware
Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google...
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware
Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google,...
Google’s Waze Can Allow Hackers to Identify and Track Users
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...
GHSA-R863-P739-275C Malicious Package in reuest
All versions of reuest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process wa...
GHSA-PM9V-325F-5G74 Malicious Package in saync
All versions of saync typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was...
GHSA-H44F-769Q-J6PX Malicious Package in requet
All versions of requet typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process wa...
GHSA-6C37-2RW5-9J7X Malicious Package in requesst
All versions of requesst typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process...
GHSA-X6CH-C6RV-F7WH Malicious Package in asymc
All versions of asymc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was...
OpenTrace has an unspecified vulnerability
OpenTrace is an implementation of the BlueTrace Epidemiology Contact Tracking Privacy Protection Protocol. A security vulnerability exists in OpenTrace used in COVIDSafe 1.0.17 and earlier versions, TraceTogether and ABTraceTogether and other apps iOS and Android, which can be exploited by a remo...
CVE-2019-10638
A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a nethashmix function. A remote user could observe a weak IP ID generation in this field to track Linux devices...
Insecure Randomness
firefox is vulnerable to insecure randomness. The vulnerability exists as a flaw was found in the Firefox Math.random function. This function could be used to identify a browsing session and track a user across different websites...
Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the we...
CVE-2019-8541
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...
CVE-2019-8541
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...
5G Is More Secure Than 4G and 3G—Except When It’s Not
The next-generation wireless networks make it harder to track and spoof users, but security holes remain because devices still connect to older networks...
Imgur: De-anonymization Attack: Cross Site Information Leakage
Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks xsleaks and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...
Dating apps that track users from home to work and everywhere in-between
TL;DR We were able to precisely locate and track the users of four major dating apps, potentially putting at risk 10 million users This risk level is elevated for the LGBT+ community who may use these apps in countries with poor human rights where they may be subject to arrest and persecution. Ap...
Malicious Package
saync is a malicious package which typosquatted a popular package with a similar name. It tracks user information such as name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo and uploaded the information to a remote server...
Malicious Package
Overview All versions of requst typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
Malicious Package
Overview All versions of reequest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...