Security News

Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. Numerous companies, including Facebook, Marketo, Olytics, and HubSpot, utilize custom URL query parameters to track clicks on links.

We've always known that phones-and the people carrying them-can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon, one that establishes a digital signature or fingerprint distinct from any other device.

Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. "Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site."

Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. WiFi probing is a standard process, part of the bilateral communication required between a smartphone and an access point to establish a connection.

Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider level. The mobile carrier plans to assign a fixed ID to each customer and associate all user activity with it.

US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime. The Better Cybercrime Metrics Act, which Biden signed late last week, requires the Department of Justice to work with the National Academy of Sciences to develop a taxonomy that law enforcement can use to categorize different types of cybercrime.

Meta's Facebook subsidiary has been collecting hashed personal data from students seeking US government financial aid, even from those without a Facebook account and those not logged into the student aid website, according to a research study published this week. News non-profit The Markup, working with Mozilla via its Rally data monitoring extension, found that the Meta pixel code has been gathering digital fingerprints representing the first name, last name, phone number, zip code, and email address of students filling out the Free Application for Federal Student Aid, or FAFSA, on the US Department of Education's StudentAid.

Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive published last week.

An Apple AirTag is a Bluetooth-based device finder released in April 2021 that allows owners to track the device using Apple's 'Find My' service. Although Apple has implemented an intricate anti-stalking system to prevent cases of abuse, stealthy AirTag tracking continues to remain a problem.

An unauthenticated API call vulnerability in DPD Group's package tracking system could have been exploited to access the personally identifiable details of its clients. DPD Group is a parcel delivery service with a global presence, shipping around two billion parcels annually worldwide.