134 matches found
CVE-2022-24403 De-anonymization attack in TETRA
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK Class 2 networks or CCK Class 3 networks. The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given on...
Clario VPN client security vulnerability
Clario VPN client is a VPN client for Mac from Clario. A security vulnerability exists in Clario VPN client macOS version 5.9.1.1662, which originates when the VPN client insecurely configures the operating system so that all IP traffic that gets to the VPN server's IP address is sent outside the...
Dominion Voting Systems ImageCast X 安全特征问题漏洞
Dominion Voting Systems ImageCast X is an intuitive and configurable face-to-face voting solution from Dominion Voting Systems. A security vulnerability exists in Dominion Voting Systems ImageCast Precinct and ImageCast Evolution, which stems from a flaw in the pseudo-random number generator that...
Design/Logic Flaw
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2023-29137
Summary: CVE-2023-29137 concerns the GrowthExperiments extension for MediaWiki (up to 1.39.3). The UserImpactHandler inadvertently returns the timezone preference for arbitrary users, enabling potential de-anonymization. The issue is rooted in the extension’s handling of user data (timezone prefe...
Debian: Security Advisory (DLA-650-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-25169
CVE-2023-25169 affects the Discourse Yearly Review plugin. In affected versions, a user appearing in a yearly review topic that is later anonymised may still have data linked to the original account. The issue has been patched in commit b3ab33bbf7 and is included in the latest plugin version. Mit...
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users
A group of academics from the New Jersey Institute of Technology NJIT has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...
New Browser De-anonymization Technique
Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a...
U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data
The U.S. Federal Trade Commission FTC warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice ...
Automattic: De-anonymize anonymous tips through the Tumblr blog network
Hey y’all! 👋 Hope all is well! Summary: I noticed that, if you send an anonymous tip through the Tumblr dashboard, you can be de-anonymized through the notes view on the blog network & maybe elsewhere?. Platforms Affected: All platforms, but requires a blog that is served on the blog network. Ste...
Was threat actor KAX17 de-anonymizing the Tor network?
A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to...
Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex Community Edition - CE is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality: Read data items from a variety of sources such as files,...
De-anonymization Story
This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...
Kali-Whoami - A Privacy Tool Developed To Keep You Anonymous On Kali Linux At The Highest Level
The purpose of the Whoami tool makes you as anonymous as possible on Kali linux. It is an user friendly with its ease of use and simple interface. It follows two different paths to ensure the highest possible level of anonymity. Finally, don't forget that there is never a hundred percent security...
CVE-2021-32750
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...
CVE-2021-32750
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...
Design/Logic Flaw
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...
CVE-2021-32750 De-anonymization via message
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...