A week in security (March 30 – April 5)

Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands "DarkSword" patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI...

A week in security (December 1 – December 7)

Last week on Malwarebytes Labs: Leaks show Intellexa burning zero-days to keep Predator spyware running How scammers use fake insurance texts to steal your identity Canadian police trialing facial recognition bodycams Update Chrome now: Google fixes 13 security issues affecting billions Attackers...

TOR Virtual Network Tunneling Tool 0.4.8.19

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

A Systematic Survey of Empirical User Studies of Unintentional Information Disclosure in Everyday Digital Interaction

The exchange of personal information in digital environments poses significant risks, including identity theft, privacy breaches, and data misuse. Addressing these challenges requires a deep understanding of user behavior and mental models in diverse contexts. This paper presents a systematic...

Data Brokers Face New Pressure for Hiding Opt-Out Pages From Google

After reporters found dozens of firms hiding privacy tools from search results, US senator Maggie Hassan insists the companies explain their practices—and pledge to improve access to privacy controls...

New Study Shows Google Tracking Persists Even With Privacy Tools

A new SafetyDetectives study reveals the surprising extent of Google tracking across the web in the US, UK, Switzerland, and Sweden. Discover how Google Analytics, AdSense, and YouTube embeds collect your data, even when using DuckDuckGo...

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames i.e., iframes with non-URL sources like "about:blank" are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...

Proton Is Launching Encrypted Documents to Take On Google Docs

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps...

WordPress plugin WP DSGVO Tools 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PYSEC-2024-30

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

PT-2023-12467 · WordPress · Wp Dsgvo Tools

Name of the Vulnerable Software and Affected Versions: WP DSGVO Tools GDPR plugin for WordPress versions up to and including 3.1.23 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to...

Privacy predictions 2022

We no longer rely on the Internet just for entertainment or chatting with friends. Global connectivity underpins the most basic functions of our society, such as logistics, government services and banking. Consumers connect to businesses via instant messengers and order food delivery instead of...

WordPress 访问控制错误漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress DSGVO Tools in version 3.1.23 and earlier has an access control error vulnerability that stems fr...

VulnCheck KEV: CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...

Labs survey finds privacy concerns, distrust of social media rampant with all age groups

Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online. The Cambridge Analytica incident, along with other, seemingl...

Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...

​Facebook launches ThreatExchange for Sharing Cyber Security Threats

Social Networking giant Facebook has just launched a new platform called ThreatExchange, which is designed to mount a coordinated defense against cybercrime. Many security professionals rely largely on manual methods for collecting, analyzing, and consuming information about latest cyber security...

UK Prime Minister wants to Ban Encrypted Messaging Apps

The terrible terrorist attacks in France forced the British Prime Minister David Cameron to consider banning the popular encrypted online messaging apps like Snapchat, CryptoCat, WhatsApp and Apple’s iMessage unless the companies don't give the UK government backdoor access to their encrypted...

EFF Launches New Anti-Surveillance Site

The EFF has launched a new site dedicated to educating users about how to resist pervasive surveillance online, through the promotion of encryption and other tools and the publication of first-person stories from people around the world who have fought surveillance in various ways. The new site, ...

New Initiative Simply Secure Aims to Make Security Tools Easier to Use

The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of...