74 matches found
EUVD-2025-209819
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts have been disabled,...
Revive Adserver: Stored XSS in Conversion Statistics via Tracker Name
I found stored XSS on the conversion statistics page. Advertisers can inject malicious JavaScript through tracker names, which executes when admins view conversion reports (www/admin/stats-conversions.php:356). I was able to steal admin session cookies using this vulnerability. This is a privilege...
Roku accused of selling children’s data to advertisers and brokers
The state of Florida has accused Roku, which powers many smart TVs and streaming devices, of selling children's data to third parties without their consent. According to the Florida Attorney General James Uthmeier, Roku collected viewing habits, voice recordings, and precise geolocation from kids...
Microsoft advertisers phished via malicious Google ads
Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform...
Repeat offenders drive bulk of tech support scams via Google Ads
Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads ...
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers
Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The...
Why blocking ads is good for your digital health
Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they don't just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on go...
How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09
The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...
Happy 12th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 12th anniversary today! Maybe "celebrate" is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site's birthday also...
This Week in Security News - August 6, 2021
This week, learn how false advertisers use spam browser notifications to gain ad revenue. Also, read about the results from Trend Micro’s first half 2021 biannual Cyber Risk Index report...
Kids’ Apps on Google Play Rife with Privacy Violations
About 20 percent of the Top 500 kids’ mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children’s Online Privacy Protection Act (COPPA). These have been downloaded by a collective 492 million users, researchers said. That’s according to an analysis...
What’s Google FLoC? And How Does It Affect Your Privacy?
There’s a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...
The Chrome Update Is Bad for Advertisers, but Good for Google
The world’s most popular browser is about to make it a lot harder for advertisers to track your online activity...
IBM Settles Lawsuit Over Weather Channel App Data Privacy
IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed the app’s permission prompt for users to...
Thousands of Android Apps Are Silently Accessing Your Data
More than 4,000 Google Play apps let developers and advertisers collect a list of the user's other installed apps, no permission needed...
Facebook's Download-Your-Data Tool Is Incomplete
Privacy International has the details: Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which...
Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. In a blog post published yesterday, Twitter revealed that an SDK developed by...
Unencrypted Mobile Traffic on Tor Network Leaks PII
Unencrypted, sensitive and confidential user data originating from millions of mobile devices is carried on the Tor network every day. Now researchers say they have devised a way to scoop up that data and create personal profiles for specific mobile users, that include GPS coordinates, web...