Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies
Privacy-enhancing technologies (PETs) have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology (ICT) sector faces growing pressure to reduce its...
Lumos Security Vulnerability
Lumos is a tool by individual developer Andrew Nguonly. It is used for browsing web pages. A security vulnerability exists in Lumos versions prior to 1.0.17, which stems from the use of the markdown-to-jsx package without disableParsingRawHTML set to true, where ChatBar.tsx parses raw HTML from...
Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11
This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected quite literally, we logged on, and we zipped to addresses and sites to read, learn, shop, and...
May 14, 2024—KB5037782 (OS Build 20348.2461)
May 14, 2024—KB5037782 (OS Build 20348.2461). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find out when ne...
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web...
GHSA-3XRR-7M6P-P7XH HtmlUnit Code Injection vulnerability
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage...
Webinar with Guest Forrester: Browser Security New Approaches
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hosting a webinar featuring guest speaker Paddy Harrington, a...
CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
PartyLoud - A Simple Tool To Generate Fake Web Browsing And Mitigate Tracking
PartyLoud is a highly configurable and straightforward free tool that helps you prevent tracking directly from your Linux terminal, no special skills required. Once started, you can forget it is running. It provides several flags; each flag lets you customize your experience and change PartyLoud...
Apple’s Lockdown Mode
I haven't written about Apple's Lockdown Mode yet, mostly because I haven't delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of...
CVE-2022-28868
CVE-2022-28868 describes an address bar spoofing vulnerability in F-Secure Safe Browser for Android. When a user visits a specially crafted malicious page/URL, they may briefly believe content is from a legitimate domain while it is served from an attacker-controlled site. The connected document...
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy (protections good, invasions bad), but we rarely see a faithful, factual accounting for the biggest data privacy conundrum facing billions of people every single day: Should parents inva...
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
A security vulnerability in Apple’s browsers for macOS, iOS and iPadOS can lead to information disclosure, researchers have warned. Apple has just marked the issue as “resolved,” but it will take some time for the fixes to roll out, they said, so users should implement mitigations. According to...
Google Chrome heap buffer overflow vulnerability (CNVD-2022-12741)
Chrome is a simple and efficiently designed web browsing tool developed by Google. A heap buffer overflow vulnerability exists in fingerprinting in versions of Google Chrome prior to 96.0.4664.45. An attacker can exploit this vulnerability to corrupt the WebUI renderer process to perform a sandbo...
Google Chrome New Tabs Data Validation Insufficient Vulnerability
Chrome is a simple and efficient web browsing tool developed by Google. Versions prior to Google Chrome 95.0.4638.69 are vulnerable to insufficient data validation in new tabs. A remote attacker could inject arbitrary script or HTML into a new browser tab via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84808)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Profiles in versions prior to Google Chrome 95.0.4638.54. A remote attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84818)
Chrome is a web browsing tool developed by Google. A heap buffer overflow vulnerability exists in Blink in versions prior to Google Chrome 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Information Disclosure Vulnerability (CNVD-2021-99277)
Chrome is a simple and efficient web browsing tool developed by Google. An attacker could exploit this vulnerability to obtain sensitive information...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)
Chrome is a simple and efficient web browsing tool developed by Google. Portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to perform a sandbox escape via a crafted HTML page...
Google Chrome UI security bypass vulnerability
Chrome is a simple and efficient web browsing tool developed by Google, which is characterized by simplicity and speed. Google Chrome suffers from a security vulnerability. An attacker could exploit this vulnerability to bypass security restrictions...