Security News

Safari bug leaks your Google account info, browsing history
2022-01-17 13:47

There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing activity in real-time and even user identities to anyone exploiting this flaw. IndexedDB is a widely used browser API that is a versatile client-side storage system with no capacity limits.

Four years: That's how long Azure's App Service had a source code leak bug
2021-12-24 06:01

Microsoft has revealed that a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public. Microsoft bills the Azure App Service as just the thing if you want to "quickly and easily create enterprise-ready web and mobile apps for any platform or device, and deploy them on a scalable and reliable cloud infrastructure."

Ransomwared payroll provider leaks data on 38,000 Australian government workers
2021-12-10 05:58

Personal information describing names, addresses, bank account details, and taxation IDs of 38,000 Australian government employees has been leaked to the dark web after a ransomware attack. Frontier had previously advised that the attack had been deflected and customer data was safe.

LINE Pay leaks around 133,000 users’ data to GitHub, of all places
2021-12-07 04:03

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year. Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers
2021-12-06 01:25

Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, Opera, among others. "The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual, small details of a website. If these details are tied to personal data, those data can be leaked."

NPM fixes private package names leak, serious authorization bug
2021-11-16 12:43

The first flaw concerns a leak of names of private npm packages on npmjs.com's 'replica' server, feeds from which are consumed by third-party services. The leak exposed a list of names of private npm packages, but not the content of these packages during the maintenance window.

Philippines gov takes down passport application website amid privacy leak fears
2021-11-11 23:52

The Philippines' Department of Foreign Affairs has disabled its online passport application tracker, citing a "data privacy issue" and hinting that information could have leaked. The Philippines requires citizens to use the site, which launched only a couple of months ago, to apply for a passport - walk-in applications are allowed only under exceptional circumstances.

Boat biz breaches itself: Brittany Ferries 'fesses up to leaks caused by routine website update
2021-11-10 15:29

Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address. The operator, which runs ships from the UK to ports in Spain and France, contacted punters on Tuesday with the bad news about a "breach to our data that might have an impact on your My Account with Brittany Ferries."

EU investigating leak of private key used to forge Covid passes
2021-10-28 09:53

The private key used to sign EU Digital Covid certificates has reportedly been leaked and is being circulated on messaging apps and online data breach marketplaces. This week, users reported seeing the private key for EU Digital Covid certificates circulating on messaging apps, like Telegram.

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
2021-10-15 17:44

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.