Cross browser fingerprinting SQL注入漏洞

Cross browser fingerprinting is a cross-browser user tracking fingerprint library developed by Song Li as an individual developer. Cross browser fingerprinting has a SQL injection vulnerability, which stems from incorrect handling of parameter IDs in the flask/uniquemachineapp.py file. This...

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data...

EUVD-2022-38819

Malicious code in bioql PyPI...

The WASM Cloak: Evaluating Browser Fingerprinting Defenses under WebAssembly Based Obfuscation

Browser fingerprinting defenses have historically focused on detecting JavaScriptJS-based tracking techniques. However, the widespread adoption of WebAssembly WASM introduces a potential blind spot, as adversaries can convert JS to WASM's low-level binary format to obfuscate malicious logic. This...

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames i.e., iframes with non-URL sources like "about:blank" are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...

The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its...

The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its...

CVE-2022-36048

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

PT-2022-23141 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions prior to 5.6 Description: The issue arises when displaying messages with embedded remote images. Normally, Zulip loads the image preview via a go-camo proxy server. However, an attacker who can send messages could includ...

Watering Hole Attacks Push ScanBox Keylogger

A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group APT is targeted messages that supposedly link...

The Quiet Way Advertisers Are Tracking Your Browsing

Cookies are on the way out—but not enough is being done about browser fingerprinting. So what is it?...

Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web

Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit GPU as a means to persistently track users across the web. Dubbed DrawnApart, the method "identifies a device from the unique properties of its GPU stack," researchers from...

New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints

A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack...

Google FLoC puts ad trackers on a cookie-free diet

Cookie tracking is dying and Google needs a replacement. Its betting on FLoC, an ad tracking technology that lets it understand peoples behaviour while respecting their privacy. Google has announced that its tests show promising signs that FLoC is working. Is this a milestone on the road to more...

Mozilla and Google Browsers Get Security, Anti-Tracking Boosts

Browsers Firefox and Chrome received updates this week, both adding security and privacy tools that help with password management and help block sites that track users. Mozilla’s Firefox browser introduced an “Enhanced Tracking Protection” feature that blocks over 1,000 third-party companies that...

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

What will new General Data Protection Regulation laws mean for websites that use sneaky web trackers such as browser fingerprinting to profile visitors? Privacy experts say the practice is likely illegal under the newly-enacted GDPR regulation. But they also say don’t expect the method of trackin...

Firefox 58 to Block Canvas Browser Fingerprinting By Default to Stop Online Tracking

Do you know? Thousands of websites use HTML5 Canvas—a method supported by all major browsers that allow websites to dynamically draw graphics on web pages—to track and potentially identify users across the websites by secretly fingerprinting their web browsers. Over three years ago, the concern...

Websites Can Now Track You Online Across Multiple Web Browsers

You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web "fingerprinting" techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed...

LocalTapiola: Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector

I was doing some routine scanning of my Internet traffic at work I work as a Security Researcher for Forcepoint and noticed that my IDS popped up alarms of a ton of suspicious behaviour when I was trying to access http://www.lahitapiola.fi/ front page. It turned out that there seems to be a lot o...