Google warns uBlock Origin and other extensions may be disabled soon
The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security.
"To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin.
"uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO,"
See more: https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/
#security #cybersecurity #privacy
Cisco investigates breach after stolen data for sale on hacking forum
"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum.
IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals.
However, the threat actor did not provide further details about how the data was obtained.
See more: https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/
#security #cybersecurity #privacy
Recent Firefox Zero-Day Exploited Against Tor Browser Users
Patches for CVE-2024-9680, which were included in Firefox version 131.0.2 and Firefox ESR versions 128.3.1 and 115.16.1, are rolling out in Tor browser version 13.5.7.
The Tor Project noted that Mozilla is aware of attacks exploiting CVE-2024-9680 against Tor Browser users.
“Using this vulnerability, an attacker could take control of Tor browser, but probably not deanonymize you in Tails,” Tor’s maintainers explained.
See more: https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/
#security #cybersecurity #privacy
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites.
The issue was discovered during an internal audit and impacts all Jetpack versions since 3.9.9, released in 2016.
See more: https://www.bleepingcomputer.com/news/security/jetpack-fixes-critical-information-disclosure-flaw-existing-since-2016/
https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html
#security #cybersecurity
If you want to track the latest news about cyber security and privacy, check the zCat!
zCat is an Android app that lets you create your own news feed.
It also tracks Zcash, a privacy-focused cryptocurrency based on ZK 😎
https://play.google.com/store/apps/details?id=crypto.crab.app.zcat
#zcash #privacy #security
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands.
The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.
"A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround.
See more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html
#security #hacking
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
In fact, thanks to Bitcoin's wild appreciation in recent years, it appears to be the largest ever criminal seizure of money of any kind to be added to the US federal budget.
The $4.4 billion in crypto from the Silk Road case is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent Tigran Gambaryan, who seized the record-breaking sum, meanwhile languishes in a Nigerian jail cell.
The Nigerian government detained Gambaryan, took his passport, and has now jailed him for over six months, charging him with money laundering and tax evasion as a proxy for his employer (Binance).
See more: https://www.wired.com/story/4-4-billion-silk-road-bitcoin-tigran-gambaryan/
#bitcoin
Fidelity Investments says data breach affects over 77,000 people
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.
When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information".
See more: https://www.bleepingcomputer.com/news/security/fidelity-investments-says-data-breach-affects-over-77-000-people/
#security #privacy
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.
"An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches," GitLab said in an advisory.
See more: https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html
#security
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
"Three market makers — ZM Quant, CLS Global, and MyTrade — along with their employees are charged with allegedly wash trading and/or conspiring to wash trade on behalf of NexFundAI, a cryptocurrency company and token created at the direction of law enforcement as part of the government's investigation," the DoJ said.
"A fourth market maker, Gotbit, its CEO, and two of its directors are also charged for perpetrating a similar scheme."
Some say they joined the CIA and NSA club by releasing crypto to track criminal activity 👀
See more: https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
#security #privacy #crypto
AI 'Nude Photo Generator' Delivers Infostealers Instead of Images!
The notorious FIN7 threat group is combining artificial intelligence (AI) with social engineering in an aggressive, adult-themed threat campaign that dangles lures for access to technology that can "deepfake" nude photos — all to fool people into installing infostealing malware.
Detailed description in the article; it seems the journalist did her homework 😊
See more: https://www.darkreading.com/endpoint-security/ai-nude-photo-generator-delivers-infostealers
#security #malware
MoneyGram confirms hackers stole customer data in cyberattack
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage.
The threat actors stole a varied amount of sensitive customer information, including transaction information, email addresses, postal addresses, names, phone numbers, utility bills, government IDs, and social security numbers.
See more: https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/
#security
Firefox Zero-Day Under Attack: Update Your Browser Immediately!
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-9680, discovered by ESET researcher Damien Schaeffer, has been described as a use-after-free bug in the Animation timeline component.
"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory.
The issue has been addressed in the following versions of the web browser:
Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.
See more:
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/
#security #cve
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP (Have I Been Pwned)!," reads a JavaScript alert shown on the compromised archive.org site.
See more: https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
#security #privacy
AT&T, Verizon reportedly hacked to target US govt wiretapping platform!
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports.
The purpose of the attack appears to be intelligence collection, as the hackers might have had access to systems used by the U.S. federal government for court-authorized network wiretapping requests. The exploit ran 'for a few months or longer'.
The threat actor also attacked hotels, engineering companies, and law firms in Brazil, Burkina Faso, South Africa, Canada, Israel, France, Guatemala, Lithuania, Saudi Arabia, Taiwan, Thailand, and the United Kingdom.
See more: https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
#security
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
Attacks on the supply chain - the libraries developers use to put together the final product (= their application) - are getting hot again. Malicious packages were able to fetch executable code from a remote server and make a couple of sad faces.
See more in the original post from The Hacker News: https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html
#security
For those who missed it: Mozilla Faces GDPR Complaint Over New Firefox Tracking Feature
NOYB, a European privacy group, has filed a complaint with Austrian authorities, alleging that Mozilla breached GDPR by enabling “Privacy Preserving Attribution” (PPA), a tracking feature in Firefox, by default without user consent.
It got spicy with July's update to version 128, when Mozilla jumped to the dark side like Google to collect data for advertisers = monetizing Firefox users (their thinking was probably something like this: when websites are doing it, when Google is doing it, why not us? 🤷‍♂️)
How to turn it off and more details in the original article by Hackread: https://hackread.com/mozilla-gdpr-complaint-firefox-tracking-feature/
#privacy #privacymatters
Ireland's DPC Hits Meta with €91 Million Penalty for GDPR Violation
The DPC launched the initial inquiry in April 2019 after MPIL notified the DPC that it had inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems (i.e. without cryptographic protection or encryption).
https://www.infosecurity-magazine.com/news/irelands-dpc-hits-meta-with-91/
#privacy
CUPS flaws enable Linux remote code execution, but there’s a catch
Simone Margaritelli, a cybersecurity researcher and Linux developer, claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers to gain control of vulnerable devices.
Margaritelli found that if the cups-browsed daemon (CUPS is short for Common UNIX Printing System) is enabled, which it is not on most systems, it will listen on UDP port 631. It will also, by default, allow remote connections from any device on the network to create a new printer.
But there is a catch! "It is a chain of bugs that rely on spoofing a printer in your local network that is automatically added via network discovery if it is turned on at all - usually not in its default configuration. Then an unverified variable that is used to exploit other vulnerabilities in the CUPS system to execute code, but only when a print job is triggered," said Ilkka Turunen, Field CTO at Sonatype.
While patches are still in development, Red Hat shared mitigation measures requiring admins to stop the cups-browsed service from running and prevent it from being started on reboot.
https://hackread.com/old-vulnerability-9-9-impacts-all-gnu-linux-systems/
https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html
#security #cybersecurity
Tails OS merges with Tor Project for better privacy, security
The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship.
The idea is to introduce Tails OS to a wider user base - one that is already familiar with Tor Browser - and reach sustainable funding for both privacy-focused projects.
https://www.bleepingcomputer.com/news/software/tails-os-merges-with-tor-project-for-better-privacy-security/
#privacy #security #tor
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Cybersecurity researchers have disclosed a set of now-patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions using only a license plate.
"These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security researchers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll said.
All vehicles after 2013 are affected.
(More in the article)
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
#security
Chat control is coming "... to detect new CSAM and grooming." That means more surveillance, monitoring and possibly the end of end-to-end encryption privacy.
nostr:nevent1qqs2qnpk80nztfkme53pslw30s5tvzqdla6s2kgttqznl9m3kuceekgpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyz8k26x7asqjpt9j5ng7fcc3ezqaxpkrj65j3zc2ql6kf5s0rp3xsqcyqqqqqqgpuuzzv
zCat, an Android data aggregator for #Zcash, privacy and security news released a new update. Please, update your app to v0.1.1.
https://image.nostr.build/e02e3156c698af59cdbe46e7aa87eaea676d934cdda513ed48bff42914ae581f.jpg
Available in multiple languages: BR 🇧🇷, CS 🇨🇿, DE 🇩🇪, EN 🇺🇸, ES 🇪🇸, FR 🇫🇷, IN 🇮🇩, PL 🇵🇱, RU 🇷🇺, TR 🇹🇷
https://play.google.com/store/apps/details?id=crypto.crab.app.zcat
The main changes were about creating your own news feed. There are a couple more news resources to track now.
A bigger reconstruction was made in the feed focused on social networks. An option was added to follow profiles on the #Nostr protocol! Furthermore, you can now also see posts from #ZEC Pages!
https://image.nostr.build/e9919af97d4340621b495f3c121ae43a28ac4f5ba39ae381bf52e20735527e5a.jpg
The Nostr protocol works in a specific way where, in rare cases, you might need to reset the relays you connect to in order to fetch the desired data. Be aware it is in your hands, but the default pre-set option should work in most cases.
#ZECPages loads the whole board, so you can see the latest posts. In the future I can add filtering and give more care to keeping threads (original posts with their responses) visible in the app. Let's see if there will be demand for it.
https://image.nostr.build/f59b6c5574efcb58d2a3c8716705e184f7cfc978a63011813381a9e242b0742f.jpg
Some of the tracked social networks are customizable. That means you can add the profiles/channels you want to follow! This applies to #Free2Z, #Nostr & #Reddit. Just scroll the Resource list and tap 'Add Source'.
Insert the username/channel you want to find & track and then, if the search is successful, tap the Save button (Reddit data fetching might not work while connected to Tor or some VPNs, since they block it). After returning to the feed screen you should be able to see the result!
https://image.nostr.build/1abf88222e8d239bddca0b9959c8ae4433d1199ea00d36e1b8a208450e0bed77.jpg
These feeds are for tracking only (you cannot create a post from the zCat app) and are limited to public posts. There is no login or profile creation in the app (if there is special content for subscribers only, it might not be shown).
Another new option is to turn off the noisy ads in the Settings screen, if you want. These ads are not real ads, just hard-coded links to other apps I made in the past. Do not worry about turning them off, I do not lose anything by that.
Of course, there were smaller bug fixes and code cleanup. I replaced some libraries, which might introduce new bugs. If you notice anything, please let me know. I decided not to implement any tracking tools like Crashlytics (which is probably stupid), so I need to hear from you.
If you have any suggestions for improvements, please let me know, too. Apart from functionality, I am also a little bit suspicious about the machine translations, so any feedback is appreciated. Enjoy the app!