Security News
HackerOne announced a new workflow automation integration with GitHub that enables the tracking and synchronization of high-priority vulnerability reports between HackerOne and GitHub. HackerOne is making its debut on GitHub's Marketplace.
Google is tightening its privacy practices in a way that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The Google Advertising ID, analogous to Apple's IDFA, is a unique device identifier that app developers can use to track users as they move between apps, to target ads better and measure the effectiveness of marketing campaigns.
Mozilla says that Firefox users will be protected against cross-site tracking automatically while browsing the Internet in Private Browsing mode. This is because, starting with Firefox 89, released today, Total Cookie Protection will be enabled by default in Private Browsing windows.
Apple's AirTag product has been hacked twice since its recent launch, in a pair of fascinating and informative stories that give you some great insights into how cybersecurity researchers think. The good news is that you don't need to ditch your AirTags if you already splashed out and bought some - these "Hacks" don't put your privacy at risk - and we explain why.
The boffins' research paper, "Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds," is scheduled to be presented at PETS, the Privacy Enhancing Technologies Symposium, in July, even though it will be four years later than the initial project [PDF]. Written by Naval Academy researchers Ellis Fenske, Dane Brown, Jeremy Martin, Travis Mayberry, Peter Ryan, and Erik Rye, the paper describes the analysis of 160 mobile phones and the extent to which these devices employ MAC address randomization to mitigate tracking vulnerabilities.
Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device. "Cross-browser anonymity is something that even a privacy-conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their everyday surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.
Trend Micro launched a new, co-built SaaS solution with Snyk. Trend Micro Cloud One - Open Source Security by Snyk is the newest Cloud One service and the first partner addition to the platform, which is available through the channel as well as AWS Marketplace.
Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so. One of iOS 14.5's new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier.
In the latest move to improve the privacy of the Chrome browser, Google is adding support for a new HTML tag that prevents user tracking by isolating embedded content from the page embedding it. To that end, Google is adding a new form of embedded iframe called a "Fenced frame" that isolates the embedded content and does not allow it to see the user data of the embedding page.
It turns out this header, now being returned by GitHub sites, is actually meant for website owners to opt out of Google FLoC tracking. BleepingComputer also noticed the entire github.com domain had this header set, indicating GitHub did not want its visitors to be included in Google FLoC's "Cohorts" when visiting any GitHub page.