Cyber Security Informer

GitHub's new privacy policy sparks backlash over tracking cookies

Bleeping Computer

AUGUST 11, 2022

Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains. The Microsoft subsidiary announced this month, it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a 30-day "comment period." [.].

Marketing

TikTok Fined 5 Million Euros for Cookie Policies

SecureWorld News

JANUARY 16, 2023

The uber popular short-form video sharing platform has been fined 5 million euros for its cookie policies, and no, we're not talking about chocolate chip or oatmeal raisin. Several clicks were required to refuse all cookies, as opposed to just one to accept them. TikTok Denies Claims of Massive Data Breach.

Data breaches

Data breaches Technology Mobile Internet

Case Study: The Cookie Privacy Monster in Big Global Retail

The Hacker News

JANUARY 16, 2024

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy.

Retail

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques.

Authentication

Authentication Password Management Passwords Malware

Promiscuous Cookies and Their Impending Death via the SameSite Policy

Troy Hunt

JANUARY 3, 2020

Cookies like to get around. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?

Passwords

Passwords Accountability Risk Hacking

New Ways to Track Internet Browsing

Schneier on Security

AUGUST 17, 2018

Interesting research on web tracking: " Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies : Abstract : Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet.

Internet

Internet Internet Authentication

Preventing CSRF Attacks

Veracode Security

FEBRUARY 16, 2021

Set cookies with the SameSite Attribute. Cookies are a way to add persistent state to websites. To address this, cookies contain a number of attributes that govern their behavior. The SameSite attribute allows you to declare if your cookie should be restricted to a first-party or same-site context. However, it???s

Authentication

Authentication Banking Passwords Government

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. ” This campaign outstands for the use of an indirect proxy that provided attackers control and flexibility in tailoring the phishing pages to their targets and steal session cookies. .”

Phishing

Phishing Banking Financial Services Authentication

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. Once obtained the credentials and session cookies to access users’ mailboxes, threat actors launched business email compromise (BEC) campaigns against other targets. and certificate-based authentication.

Phishing

Phishing Authentication Social Engineering Passwords

France slaps $ 64m penalty on Microsoft

CyberSecurity Insiders

DECEMBER 30, 2022

The penalty was pronounced on the tech giant for not allowing its Bing users to refuse cookies, as it is made it mandatory and is against the EU’s General Data Protection Regulation (GDPR). Since the company was making profits by selling the cookie data to ad firms, it violated a few GDPR rules, CNIL added.

Data collection

Data collection Software Cybersecurity

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

Until recently, AT&T also shared CPNI data with Xandr , whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. ” VERIZON Verizon’s privacy policy says it does not sell information that personally identities customers (e.g., .” Happily, all of the U.S.

Mobile

Mobile Wireless Advertising Telecommunications

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

MARCH 13, 2019

Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019. To continue chucking up cookie warnings to everyone and somehow expecting them to make an informed decision about the risks they present? But at least you can go and read their privacy policy, right? You can be tracked!":

Banking

Banking VPN Risk Advertising

This Week’s Trends in Privacy with Nymity Research – August 24, 2021

TrustArc

AUGUST 24, 2021

Best Practices: LGPD Compliance Checklist for Small and Micro-Businesses The IDEC encourages businesses to establish breach notification procedures, appoint a DPO, determine the legal bases for processing (use purpose of processing as a guide), create various policies for data subjects and employees (privacy, cookies, […].

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.” The last stage malware is the PHP-based SYS01stealer malware which is able to steal browser cookies and abuse authenticated Facebook sessions to steal information from the victim’s Facebook account.

Government

Government Manufacturing Social Engineering Malware

Spear-phishing now targets employees outside the finance and executive teams, report says

Malwarebytes

JULY 30, 2021

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu. ” Stay safe!

Phishing

Phishing Social Engineering Mobile Engineering

Accept All Cookies | Avast

Security Boulevard

APRIL 11, 2022

We recently carried out research that revealed that more than four in five people (85%) have accepted cookies on a website without reading any of the policies; more than a third (37%) say they’ve done so only to later discover they had agreed to something they wish they hadn’t.

Microsoft Says Phishing Campaign Bypassed MFA, Targeted 10,000 Orgs

SecureWorld News

JULY 13, 2022

The threat actors behind this campaign then used the stolen credentials and session cookies for follow-on business email compromise (BEC) campaigns against other targets. Once the attacker obtains the session cookie, they can inject it into their browser to skip the authentication process, even if the target's MFA is enabled.".

Phishing

Phishing Authentication Passwords Scams

Google hits its own headlines because of privacy issues

CyberSecurity Insiders

SEPTEMBER 29, 2021

The California based web search giant is facing a legal trouble with a privacy movement started by Open Web that claims that the tech giant’s new ad policy will restrict open web competition and vitiate fraud detection.

Advertising

Advertising Data privacy Marketing Engineering

Understanding & Defending Against Adversary-in-the-Middle (AiTM) Attacks

Duo's Security Blog

JANUARY 8, 2024

The proxy page allows the attacker to steal the user's valid session cookies, bypassing the traditional authentication process. To learn how an AiTM attack works, it is important to first understand the following browsing concepts: Cookies: Cookies enable a website to remember you, so you don’t have to re-login with every click.

Authentication

Authentication Phishing Passwords Encryption

A week in security (February 14 – February 20)

Malwarebytes

FEBRUARY 21, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Spyware

Spyware Ransomware Phishing Hacking

‘Nameless’ malware attacks 1.2TB database in the cloud

SC Magazine

JUNE 10, 2021

terabytes of files, cookies, and credentials that came from 3.2 terabytes of files, cookies, and credentials that came from 3.2 The data was stolen between 2018 and 2020 and included 2 billion cookies. a so-called “nameless” undetected malware stole a database in the cloud that contained some 1.2 million Windows-based computers.

Malware

Malware Firewall Cyber threats Education

Police seize DoubleVPN data, servers, and domain

Malwarebytes

JUNE 30, 2021

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

VPN

VPN Cybercrime Encryption Advertising

Racing against a real-life ransomware attack, with Ski Kacoroski: Lock and Code S02E12

Malwarebytes

JULY 6, 2021

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Ransomware

Ransomware System Administration Risk

College closes down after ransomware attack

Malwarebytes

MAY 12, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Ransomware

Ransomware Education Backups Software

Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15

Malwarebytes

AUGUST 16, 2021

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Hacking

Hacking Software

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16

Malwarebytes

AUGUST 30, 2021

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Accountability

Accountability Internet Internet

Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

Malwarebytes

JUNE 21, 2022

In a very similar way, the new variant also grabs all the saved cookies stored in Google Chrome by accessing %LOCALAPPDATA%GoogleChromeUser DataDefaultNetworkCookies. Cookie stealing code (Google Chrome). Stolen cookies can sometimes be used to break into websites even if the username and password aren’t saved to the browser.

Passwords

Passwords Malware Government

WordPress Tools for GDPR Compliance

SiteLock

AUGUST 27, 2021

Privacy Policy Generator. Many sites have already have privacy policies as a page link in their website footer. The verbiage of these policies can vary, but oftentimes small businesses just do a web search to copy an existing privacy policy and call it a day. Commenter Cookie Opt-Ins.

Small Business

Small Business Accountability

Report: Brazil must do more to encrypt, back up data

Malwarebytes

JULY 8, 2022

of organizations (306 out of 410) do not have a formally approved backup policy—basic document, negotiated between the business areas (“owners” of the data/systems) and the organization’s IT, with a view to disciplining issues and procedures related to the execution of backups. The numbers game.

Encryption

Encryption Backups Cybercrime Ransomware

Tor’s (security) role in the future of the Internet, with Alec Muffett

Malwarebytes

JUNE 5, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Internet

Internet Internet DNS Surveillance

A week in security (May 30 – June 5)

Malwarebytes

JUNE 6, 2022

FBI warns of education sector credentials on dark web forums Runescape phish claims your email has been changed Threat profile: RansomHouse makes extortion work without ransomware WhatsApp accounts hijacked by call forwarding FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day Phishing mail claims a 3D Secure upgrade is required (..)

DNS

DNS Internet Internet Phishing

Have we lost the fight for data privacy? Lock and Code S03E16

Malwarebytes

AUGUST 1, 2022

None of this is to mention more recent, separate developments: Facebook finding a way to re-introduce URL tracking, facial recognition cameras being installed in grocery stores , and Google delaying its scheduled plan to remove cookie tracking from Chrome. This video cannot be displayed because your Functional Cookies are currently disabled.

Data privacy

Data privacy Cybersecurity

Watch Those Cookies: Girl Scouts Compromised by Hacker

Adam Levin

NOVEMBER 12, 2018

The email account in question was used to communicate about travel, and had information on members going back as far as 2014, potentially including full names, birthdates, email addresses, home addresses, driver’s licenses, health history information, and insurance policy numbers.

Identity Theft

Identity Theft Insurance Accountability Cybersecurity

Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09

Malwarebytes

APRIL 25, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Software

Software Hacking Ransomware

When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14

Malwarebytes

JULY 4, 2022

Though DJI dropped its interest, as Harley Geiger, senior director for public policy at Rapid7, explained on today’s episode of Lock and Code, even the threat itself can destabilize a security researcher. This video cannot be displayed because your Functional Cookies are currently disabled. ” Harley Geiger.

Hacking

Hacking Manufacturing

Why we don’t patch, with Jess Dodson: Lock and Code S03E02

Malwarebytes

JANUARY 18, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Ransomware

Ransomware Cybersecurity

Cyber scam targeted at owners of expensive Apple laptops

CyberSecurity Insiders

JULY 18, 2021

For marketing firms, it is easy to tell whether an online shopper is using a Macbook or not- all thanks to Browser & cookies data; and based on such predictions, they target the user with prices that are usually exorbitant that what other Windows PC users are paying.

Scams

Scams Retail Marketing Cybersecurity

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Security Affairs

MAY 17, 2022

The malicious apps are able to steal credentials, Facebook cookies, and other personally identifiable information. Because of how Facebook runs its cookie management policy, we feel that these types of apps will continue to plague Google Play.” The Facestealer spyware was first spotted on July 2021 by Dr. .

Spyware

Spyware Cryptocurrency VPN Malware

600+ installs of WordPress Cookie Consent Plugin vulnerable to hack. Fix it now!

Security Affairs

FEBRUARY 13, 2020

Developers of the popular WordPress GDPR Cookie Consent plugin have addressed a critical bug that could potentially impact 700K users. The GDPR Cookie Consent plugin assists users in making your website GDPR compliant. SecurityAffairs – WordPress GDPR Cookie Consent, hacking). Pierluigi Paganini. Fix it now!

Hacking

Hacking Advertising Authentication Information Security

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

The Last Watchdog

AUGUST 4, 2021

WAFs help companies keep track of these malicious probes by scanning incoming HTTPS traffic and taking note of parameters such as IP address, port routing, cookie data and incoming data. Indusface’s managed cloud service relieves companies from the day-to-day responsibility of refining and implementing blocking policies.

Mobile

Mobile Marketing Digital transformation Risk

CCPA Compliance Checklist & Requirements for Business Owners

Spinone

JULY 10, 2020

Publish a Privacy Policy page that is in line with CCPA rules. In the privacy policy, explicitly elaborate the following: What categories of information you collect from visitors and users (e.g., The link to this page must be visible from the home page and the Privacy Policy page. Here is what you need to do: 1.

Data privacy

Data privacy Software Antivirus Backups

Recovering from romance scams with Cindy Liebes: Lock and Code S03E10

Malwarebytes

MAY 9, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Scams

Scams Cybercrime Cybersecurity

Telling stories securely, with Runa Sandvik: Lock and Code S03E07

Malwarebytes

MARCH 28, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Media

Media Cybersecurity

The world’s most coveted spyware, Pegasus: Lock and Code S03E04

Malwarebytes

FEBRUARY 14, 2022

This video cannot be displayed because your Functional Cookies are currently disabled. To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu.

Spyware

Spyware Surveillance Government Mobile

GitHub's new privacy policy sparks backlash over tracking cookies

TikTok Fined 5 Million Euros for Cookie Policies

Trending Sources

Case Study: The Cookie Privacy Monster in Big Global Retail

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Promiscuous Cookies and Their Impending Death via the SameSite Policy

New Ways to Track Internet Browsing

Preventing CSRF Attacks

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

France slaps $ 64m penalty on Microsoft

Why You Should Opt Out of Sharing Data With Your Mobile Provider

These Cookie Warning Shenanigans Have Got to Stop

This Week’s Trends in Privacy with Nymity Research – August 24, 2021

SYS01 stealer targets critical government infrastructure

Spear-phishing now targets employees outside the finance and executive teams, report says

Accept All Cookies | Avast

Microsoft Says Phishing Campaign Bypassed MFA, Targeted 10,000 Orgs

Google hits its own headlines because of privacy issues

Understanding & Defending Against Adversary-in-the-Middle (AiTM) Attacks

A week in security (February 14 – February 20)

‘Nameless’ malware attacks 1.2TB database in the cloud

Police seize DoubleVPN data, servers, and domain

Racing against a real-life ransomware attack, with Ski Kacoroski: Lock and Code S02E12

College closes down after ransomware attack

Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16

Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

WordPress Tools for GDPR Compliance

Report: Brazil must do more to encrypt, back up data

Tor’s (security) role in the future of the Internet, with Alec Muffett

A week in security (May 30 – June 5)

Have we lost the fight for data privacy? Lock and Code S03E16

Watch Those Cookies: Girl Scouts Compromised by Hacker

Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09

When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14

Why we don’t patch, with Jess Dodson: Lock and Code S03E02

Cyber scam targeted at owners of expensive Apple laptops

Over 200 Apps on Play Store were distributing Facestealer info-stealer

600+ installs of WordPress Cookie Consent Plugin vulnerable to hack. Fix it now!

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

CCPA Compliance Checklist & Requirements for Business Owners

Recovering from romance scams with Cindy Liebes: Lock and Code S03E10

Telling stories securely, with Runa Sandvik: Lock and Code S03E07

The world’s most coveted spyware, Pegasus: Lock and Code S03E04

Stay Connected