EUVD-2021-0517

Malware in sbrugna...

Pete Hegseth’s Signal Scandal Spirals Out of Control

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies...

Shopify faces privacy lawsuit for collecting customer data

Shopify faces a data privacy class action lawsuit in the US that could change the way globally active companies can be held accountable. The proposed class action is a revival of a case that had been dismissed by a lower court judge and a three-judge 9th Circuit Court of Appeals panel. But now it...

Google now allows digital fingerprinting of its users

In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter. For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposin...

Browser Guard now flags data breaches and better protects personal data

Two things are true of data online: It will be collected and, just as easily, it will be lost. But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches tha...

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb none of your business said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised a...

Cookie consent choices are just being ignored by some websites

In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam UvA analyzed 85,000 European websites and came to the conclusion that 90% of them violated a...

Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by...

A week in security (December 11 – December 17)

Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads Chrome starts the countdown to the end of tracking cookies Apple to introduce new feature that makes life harder for iPhone thieves Recently-patched Apache Struts vulnerability used in worldwide attacks ALPHV ransomware...

Chrome starts the countdown to the end of tracking cookies

Google has announced that it will start rolling its Chrome web browsers new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies...

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video,"...

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new mechanism, which takes the place of FLoC short for...

Will Google’s Privacy Sandbox take the bite out of tracking cookies?

Third-party cookies have been the lynchpin of online advertising for many years. Plans to phase cookies out forever continue to run at a steady pace, with Google in the driving seat. In 2019, it announced its vision for a “Privacy Sandbox”. The building blocks for this were essentially: 1. Most...

Information DIsclosure

mautic/core is vulnerable to information disclosure. The vulnerability exists as the tracking cookies per contact is systematically incremented by their auto-incremented ID, and it is possible to retrieve information about the contact through forms by progressive profiling...

Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default

Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the "Enhanced Tracking Protection" setting by default for its browser in Ju...

Firefox 69 Release Kills Default Tracking Cookies, Flash Support

Mozilla has released its latest Firefox browser iteration, Firefox 69, which by default blocks third-party cookies and cryptominers; it also disables default support for Adobe Flash Player. In addition, the browser has squashed several critical and high-severity vulnerabilities. Mozilla has long...

Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox

Web tracking has long been in the cross-hairs of privacy advocates, who say that marketers know entirely too much about individuals’ online activities. And to add insult to injury, the ubiquitous cookie system used to enable tracking also presents potential security threats, including cross-site...

Design/Logic Flaw

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...

CVE-2018-10189

In Mautic 1.x and 2.x before 2.13.0, an attacker can systematically emulate tracking cookies per contact by manipulating the cookie value with +1, effectively allowing a third party to assume the tracked identity of other contacts and access information via forms using progressive profiling. This...

CVE-2018-10189

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...