Étiquette : vulnerability (Page 1 of 26)

Anonymous fait son grand retour avec le plus gros leak de l’histoire de la police américaine

“La chronologie des fichiers s’étale d’août 1996 au 19 juin 2020, soit 24 ans de données. Emma Best, cofondatrice de DDoSecrets met en avant les notes internes contenues dans la base, qui détaillent la façon dont les policiers suivent les manifestants. D’autres documents contiennent les propos des forces de l’ordre sur le mouvement antifasciste, très critiqué par le président Donald Trump pour son rôle dans la contestation. De leur côté, les manifestants ont déjà identifié une note interne du FBI sur leur surveillance des réseaux sociaux qui leur permet d’avertir les forces de l’ordre locales sur les messages anti-police de certains individus. D’autres ont relevé un avertissement interne du FBI sur un groupe de suprémacistes blancs qui se faisait passer pour un groupe d’antifascistes.”

Source : Anonymous fait son grand retour avec le plus gros leak de l’histoire de la police américaine – Cyberguerre

Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use

“The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of surreptitiously collecting information about what people view online and where they browse, despite their using what Google calls Incognito mode. According to the complaint filed in the federal court in San Jose, California, Google gathers data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads. This helps Google learn about users’ friends, hobbies, favorite foods, shopping habits, and even the “most intimate and potentially embarrassing things” they search for online, the complaint said. ”

Source : Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use – Reuters

StopCovid demande l’accès à la géolocalisation sur Android, mais s’engage à ne pas l’utiliser

StopCovid demande géolocalisation

“L’équipe derrière StopCovid se retrouve dans une position quelque peu étrange où elle doit promettre qu’elle n’utilise pas la géolocalisation, mais uniquement le Bluetooth (ce qui peut néanmoins être vérifié en analysant le code source du projet, celui-ci étant mis en ligne à des fins de transparence). Si les individus refusent cet accès, l’appli devient inutilisable. Toute la question est de savoir comment cette particularité sera reçue par le public, s’il a entendu à plusieurs reprises que la géolocalisation ne joue aucun rôle dans StopCovid, et qu’il découvre que l’application en a besoin, du fait des choix de l’équipe-projet en matière de traçage des contacts et de la manière dont a été construit Android.”

Source : StopCovid demande l’accès à la géolocalisation sur Android, mais s’engage à ne pas l’utiliser

France Says Apple Bluetooth Policy Is Blocking Virus Tracker

“Apple and Alphabet Inc.’s Google are developing their own technology to help build contact-tracing apps. Their platform should become available to governments and public health authorities everywhere next month, according to an official in the French minister’s office. Still, the French are banking on a home-grown solution. France’s conflict with Apple is part of a broader debate about how much data such apps should collect and who should have access to it.”

Source : France Says Apple Bluetooth Policy Is Blocking Virus Tracker – Bloomberg

CCC | 10 requirements for the evaluation of « Contact Tracing » apps

Header

“In principle, the concept of a « Corona App » involves an enormous risk due to the contact and health data that may be collected. At the same time, there is a chance for « privacy-by-design » concepts and technologies that have been developed by the crypto and privacy community over the last decades. With the help of these technologies, it is possible to unfold the epidemilogical potential of contact tracing without creating a privacy disaster. For this reason alone, all concepts that violate or even endanger privacy must be strictly rejected. In the following, we outline social and technical minimum requirements for such technologies. The CCC sees itself in an advisory and observation role in this debate. We will not recommend specific apps, concepts or procedures. We however advise against the use of apps that do not meet these requirements.”

Source : CCC | 10 requirements for the evaluation of « Contact Tracing » apps

Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims

“Facebook representatives approached controversial surveillance vendor NSO Group to try and buy a tool that could help Facebook better monitor a subset of its users, according to an extraordinary court filing from NSO in an ongoing lawsuit. Facebook is currently suing NSO for how the hacking firm leveraged a vulnerability in WhatsApp to help governments hack users. NSO sells a product called Pegasus, which allows operators to remotely infect cell phones and lift data from them.”

Source : Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims – VICE

Ex-NSA hacker drops new zero-day doom for Zoom

zoom-security-flaws

“Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone.”

Source : Ex-NSA hacker drops new zero-day doom for Zoom | TechCrunch

Cookiethief: a cookie-stealing Trojan for Android

“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. This abuse technique is possible not because of a vulnerability in Facebook app or browser itself. Malware could steal cookie files of any website from other apps in the same way and achieve similar results.”

Source : Cookiethief: a cookie-stealing Trojan for Android | Securelist

1.2 Billion Records Found Exposed Online in a Single Server

a woman retrieving info from file catalouge

“For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”

Source : 1.2 Billion Records Found Exposed Online in a Single Server  | WIRED

Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans

http://www.beaude.net/no-flux/wp-content/uploads/2020/03/1582126936038-credit-card.jpeg

“Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”

Source : Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans – VICE

« Older posts

© 2020 no-Flux

Theme by Anders NorenUp ↑