7 matches found
SoK: Enhancing Privacy-Preserving Software Development from a Developers' Perspective
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to support developers embedding privacy into software applications...
Apple warns of “privacy and security threats” after EU requires it to allow sideloading
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establish...
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Impact: A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query...
Someone Hijacks A Popular Chrome Extension to Push Malware
Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused it to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents...
New Google Tools Help Devs Improve Content Security Policy Protection
Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...
Apple Mac OS X 10.11 'El Capitan' Update unveiled at WWDC 2015
After Google made its Android users happy by unveiling new features at the Google I/O developer conference last month, it’s now time for Apple fans… The WWDC 2015 event is upon us. Apple’s Worldwide Developers Conference is going on in San Francisco and the company has many new surprises for its users. On...
WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
Hello list! I want to warn you about multiple security vulnerabilities in the plugin Organizer for WordPress. This is the second in a series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent), Cross-Site Request Forgery and Arbitrary File...