Tag
#ios
Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information.
Categories: News Tags: AWIS Tags: weekly blog roundup Tags: week in security Tags: Slack Tags: GitHub Tags: Magecart Tags: Microsoft Tags: Pokemon NFT Tags: Facebook Tags: Instagram Tags: Snapchat Tags: TikTok Tags: YouTube Tags: Google Tags: Meta Tags: identity theft Tags: Maternal and Family Health Services Tags: 2023 predictions Tags: Royal Mail Tags: K-12 security Tags: K-12 Tags: WhatsApp Tags: NSO Group Tags: Department of Interior Tags: weak passwords Tags: Vice Society Tags: ransomware. Vice Society ransomware The most interesting security related news from the week of January 9—15. (Read more...) The post A week in security (January 9—15) appeared first on Malwarebytes Labs.
Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in
On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, such as, for example, to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in a subtly different way, which allows one API to see one set of entitlements and another API to see a different set of entitlements.
WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.
WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.
WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.
WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.
WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.