26 matches found
A LINDDUN-Based Privacy Threat Modeling Framework for GenAI
As generative AI GenAI systems become increasingly prevalent across various technological stacks, the question of how such systems handle sensitive and personal data flows becomes increasingly important. Specifically, both the ability to harness and process large swaths of information as well as...
EUVD-2019-7289
Malware in sbrugna...
Label Inference Attacks against Federated Unlearning
Federated Unlearning FU has emerged as a promising solution to respond to the right to be forgotten of clients, by allowing clients to erase their data from global models without compromising model performance. Unfortunately, researchers find that the parameter variations of models induced by FU...
Securing Genomic Data against Inference Attacks in Federated Learning Environments
Federated Learning FL offers a promising framework for collaboratively training machine learning models across decentralized genomic datasets without direct data sharing. While this approach preserves data locality, it remains susceptible to sophisticated inference attacks that can compromise...
Clustering and Analysis of User Behaviour in Blockchain: a Case Study of Planet IX
Decentralised applications dApps that run on public blockchains have the benefit of trustworthiness and transparency as every activity that happens on the blockchain can be publicly traced through the transaction data. However, this introduces a potential privacy problem as this data can be track...
Advisory ROSA-SA-2023-2280
Software: cockpit 264.2 OS: ROSA Virtualization 2.1 packageevrstring: cockpit-264.2-1.0.1.rv3c.src.rpm CVE-ID: CVE-2021-3660 BDU-ID: 2021-04029 CVE-Crit: MEDIUM CVE-DESC.: A manager vulnerability for Cockpit servers is related to errors in the display of the user interface or frames. Exploitation...
Recovering Smartphone Voice from the Accelerometer
Yet another smartphone side-channel attack: "EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers": Abstract: Eavesdropping from the users smartphone is a well-known threat to the users safety and privacy. Existing studies show that loudspeaker reverberatio...
The State of Stalkerware in 2021
The state of stalkerware in 2021 PDF Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between...
Threat actor selling 158,000 Canadian, US credit card data
By Habiba Rashid The threat actor also claims to sell full information of credit card holders which can be a massive privacy threat to unsuspecting banking customers. This is a post from HackRead.com Read the original post: Threat actor selling 158,000 Canadian, US credit card data...
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
By Deeba Ahmed Although patched now, if exploited, these vulnerabilities posed a major threat to user's privacy and security. This is a post from HackRead.com Read the original post: Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping...
OkCupid Security Flaw Threatens Intimate Dater Details
Researchers have discovered a slew of issues in the popular OkCupid dating app, which could have allowed attackers to collect users’ sensitive dating information, manipulate their profile data or even send messages from their profile. OkCupid is one of the most popular dating platforms worldwide,...
CVE-2019-16752
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...
CVE-2019-16752
CVE-2019-16752 concerns a vulnerability in Decentralized Anonymous Payment System (DAPS) present through 2019-08-26 that can cause wallets to send HTTP requests to arbitrary locations, potentially leaking a user’s IP and usage. Affected products/versions explicitly mentioned include Dash Core up ...
Here are the most popular robocall scams and how to avoid them
We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful y...
Facial recognition technology: force for good or privacy threat?
All across the world, governments and corporations are looking to invest in or develop facial recognition technology. From law enforcement to marketing campaigns, facial recognition is poised to make a splashy entrance into the mainstream. Biometrics are big business, and third party contracts...
Related vulnerabilities have now been patched: the Orvibo smart home devices disclosure of user information-bug warning-the black bar safety net
From Orvibo aspect to understand, this relates to the information disclosure of the security vulnerability has now been fixed, and the user information of the protection level, at the same time they also want and professional information security research team into cooperation with the protection...
X (Formerly Twitter): Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
Summary: As part of our SoftwareLab@TU Darmstadt latest research project, we discovered a privacy-related vulnerability in multiple high-profile websites, including Twitter. An attacker exploiting this vulnerability can identify a user of your website while the user visits an attacker-controlled...
Warning – 3 Popular VPN Services Are Leaking Your IP Address
Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data. VPN, or Virtual Private Network, is a great way to protect your daily online activities that work by encrypting your data and boosting security, as well as...
China Orders Apple to Monitor App Store Users and Track their Identities
China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world’s most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into...