Security News
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. That's not the case with how Safari handles the IndexedDB API in Safari across iOS, iPadOS, and macOS. "In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy," Martin Bajanik said in a write-up.
Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity. "We're bringing it to Firefox Focus on Android, our simple, privacy by default companion app. Firefox Focus on Android will be the first Firefox mobile browser to have Total Cookie Protection," Mozilla said today.
The Commission nationale de l'informatique et des libertés, France's data protection watchdog, has slapped Facebook and Google with fines of €150 million and €60 million for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online activity across the web and store information about the browsing sessions, including logins and details entered in form fields such as names and addresses.
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
Brave, the privacy-conscious web browser, has announced plans to introduce additional privacy protections against 'bounce tracking,' a newer form of tracking that is not currently blocked by the browser. The new system, which Brave's team calls "Debouncing", addresses the bounce tracking method, which disregards users' privacy preferences such as the 'Do Not Track' setting and the blocking of third-party cookies.
Google's Threat Analysis Group on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. Google said it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35, including a sophisticated social engineering attack dubbed "Operation SpoofedScholars" aimed at think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies.
Reports that the military has started outfitting firearms with RFID tags for tracking have raised security alarms. The Department of Defense, the Marines and the Navy have already rejected the RFID tagging tech for that specific reason, according to the AP. However, five Air Force bases are operating at least one RFID armory, along with a Florida-based Green Beret unit that uses RFID in what officials said were a "Few" armories.
Good article about the current state of cryptocurrency forensics.
You can tell iOS and iPadOS apps not to track your activity. After you've been running the latest update on your iPhone or iPad, start opening different apps as you normally would.