Tag: visitors’ | Page 2

The US Used the Patriot Act to Justify Logging Website Visitors

December 5, 2020/in Computer Security

The two stories that have dominated headlines in the US in 2020, the Covid-19 pandemic and the presidential election, were still in the news this week as virus cases and death tolls rise and the promise of a vaccine looms. New research, though, indicates that phishers have been targeting vaccine development groups and particularly organizations that work on the global cold chain, which will be crucial for storing and shipping vaccine doses worldwide. Meanwhile, President Donald Trump has continued to spread falsehoods and conspiracy theories about the validity of his loss to president-elect Joe Biden. On Tuesday, though, US attorney general William Barr went on record saying that the Justice Department “has not seen fraud on a scale that could have effected a different outcome in the election,” a crucial pronouncement that leaves the Trump reelection campaign with even fewer options to contest the result.

A “magical bug” in iOS, now patched, could have let an attacker take full control of any iPhones in the hacker’s Wi-Fi range and then automatically worm the infection to other nearby devices. Startups are rushing to develop tools that can vet artificial intelligence systems to find vulnerabilities and loopholes before they can be exploited. And the hackers behind the notorious botnet TrickBot have added malware capabilities to check if a target device’s firmware is vulnerable to attack and, if so, burrow deeper for long-term persistence.

In good news, a coalition of internet infrastructure groups is making progress securing the foundational internet data-routing system known as Border Gateway Protocol. And as Google looks to offer end-to-end encryption in the RCS messaging protocol, it plans to use the open source Signal Protocol, which already underpins secure messaging app Signal as well as giants like WhatsApp. Now that it may roll out to Android’s 2 billion users, we took a look at how the protocol works and what you need to know about it.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The US government has…

Source…

Bletchley Park visitors warned of data breach after Blackbaud ransomware attack

August 25, 2020/in Computer Security

The famous World War II code-cracking site of Bletchley Park announces a data breach, following a ransomware attack at Blackbaud.
Graham Cluley

Hackers actively exploit WordPress plugin flaw to send visitors to bad sites

May 29, 2019/in Internet Security

A redirection from a site still running a vulnerable version of the plugin.

Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.

The vulnerability was fixed two weeks ago in WP Live Chat Support, a plugin for the WordPress content management system that has 50,000 active installations. The persistent cross-site scripting vulnerability allows attackers to inject malicious JavaScript into sites that use the plugin, which provides an interface for visitors to have live chats with site representatives.

Researchers from security firm Zscaler’s ThreatLabZ say attackers are exploiting the vulnerability to cause sites using unpatched versions of WP Live Chat Support to redirect to malicious sites or to display unwanted popups. While the attacks aren’t widespread, there have been enough of them to raise concern.

Read 3 remaining paragraphs | Comments

Biz & IT – Ars Technica

Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics

May 31, 2018/in Internet Security

Enlarge (credit: Ruslan Habalov)

For more than a year, Mozilla Firefox and Google Chrome may have leaked users’ Facebook usernames, profile pictures, and likes if the users’ browsers visited malicious websites that employed a cutting-edge hack, researchers said Thursday.

The data could be extracted through what’s known as a side-channel vulnerability in the browsers’ implementation of new standards for cascading style sheets introduced in 2016. One of the new features known as the “mix-blend-mode” leaked visual content hosted on Facebook to websites that included an iframe linking to it and some clever code to capture the data. Normally, a security concept known as the same-origin policy forbids content hosted on one domain to be available to a different domain. The vulnerability was significant because it allowed hackers to bypass this bedrock principle for two of the Internet’s most widely used browsers.

The leak was independently discovered by two different research teams, and it was fixed late last year in version 63 of Chrome and two weeks ago in Firefox 60. While the updated browsers no longer pose a threat to user privacy, one of the researchers who discovered the vulnerability said the increasingly powerful graphics capabilities being added in the HTML5 and CSS standards are likely to make similar hacks possible in the future.

Read 9 remaining paragraphs | Comments

Biz & IT – Ars Technica

Tag Archive for: visitors’