Zum Inhalt der Seite gehen

Suche

Beiträge, die mit PRIVACY getaggt sind

LiteSpeed Cache Plugin Vulnerability poses significant Risk to WordPress Websites.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated actors to gain admin rights.

[CVE-2024-50550 CVSS score: 8.1]

https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/

#wordpress #litespeed #flaw #it #security #privacy #engineer #media #tech #news
LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites. The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8). It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. <https://wordpress.org/plugins/litespeed-cache/>

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin - Patchstack

A vulnerability in LiteSpeed Cache allowed unauthorized admin access; fixed in version 6.5.2, with Patchstack users automatically protected.
Rafie Muhammad (Patchstack)
#news #privacy #tech #wordpress #media #security #it #engineer #litespeed #flaw

[BEWARE!!!] Android Malware "FakeCall" now reroutes Bank Calls to Attackers. :androidalt:

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/

#android #fakecall #vishing #malware #it #security #privacy #engineer #media #tech #news
FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information. In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction. The malware also exploits the Android Accessibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app.
[ImageSource: Zimperium] Overview of latest FakeCall attacks. The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges. A fake call interface mimics the actual Android dialer, displaying trusted contact information and names, elevating the level of deception to a point that's hard for victims to realize. What makes this malware so dangerous is that when a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker's phone number instead.

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.
Zimperium
#android #news #privacy #tech #media #malware #security #it #engineer #fakecall #vishing

It's infuriating how activists are so lax with #privacy and their use of #CorporateSocialMedia

It's like: Thanks for your support! Follow us of asshole Facebook and fascist Twitter!

No thanks.

Then you go on their websites and get blocked because you're using an adblocker!

I mean, I won't look at it if my adblocker is a problem to you.
#privacy #corporatesocialmedia

Always ready to provide every possible assistance to farmers: Nitish Kumar.

https://aliyesha.com/sub/articles/news/display/bh_always_ready_to_help_farmers_nitish

#bihar #patna #india #news #press #politics #jdu #nitishkumar #farming #farmers #kharif #rice #CropProcurement #msp #governance #mandi

Enjoy tracker free reading with us. #privacy #privacymatters

Patna: Always ready to provide every possible assistance to farmers: Nitish Kumar.

Chief Minister Nitish Kumar held a review meeting at 'Sankalp' located at 1 Anne Marg regarding rice procurement for the Kharif marketing season 2024-25.
Alok Sharma (Aliyesha)
#news #privacy #politics #press #India #farming #governance #farmers #privacymatters #bihar #patna #jdu #NitishKumar #kharif #rice #cropprocurement #msp #mandi

Diwali Fireworks: Balancing Tradition with Environmental Impact.

https://aliyesha.com/sub/articles/news/display/uk_diwali_fireworks_impact_environment

#uttarakhand #dehradun #india #press #news #diwali #diwali2024 #firecrackers #pollution #tradition #culture #environment

Enjoy tracker free reading with us. #privacy #privacymatters

Dehradun: Diwali Fireworks: Balancing Tradition with Environmental Impact.

People eagerly await the arrival of Diwali every year, however, the tradition of bursting fireworks on Diwali remains somewhat of a mystery.
Prem Pancholi (Aliyesha)
#pollution #environment #news #privacy #culture #press #India #tradition #diwali #uttarakhand #Dehradun #diwali2024 #firecrackers #privacymatters

Apple creates Private Cloud Compute VM to let Researchers find Bugs. :apple_inc:

The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.

https://security.apple.com/blog/pcc-security-research

#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some “key components” to help researchers analyze the privacy and safety features on the architecture. The company also makes available the Private Cloud Compute Security Guide, which explains the architecture and technical details of the components and the way they work. <https://security.apple.com/documentation/private-cloud-compute>
[ImageSource: Apple] Interacting with the Private Cloud Compute client from the Virtual Research Environment. Apple provides a Virtual Research Environment (VRE), which replicates locally the cloud intelligence system and allows inspecting it as well as testing its security and hunting for issues. “The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple explains, sharing documentation on how to set up the Virtual Research Environment on your device. VRE is present on macOS Sequia 15.1 Developer Preview and it needs a device with Apple silicaon and at least 16GB of unified memory. <https://security.apple.com/documentation/private-cloud-compute/vresetup>
#news #ai #privacy #tech #media #security #pcc #Apple #bug #it #engineer #programming #vm #securityresearch #bounty

EFF Launches Digital Rights Bytes to Answer Tech Questions that Bug Us All https://www.eff.org/press/releases/eff-launches-digital-rights-bytes-answer-tech-questions-bug-us-all #privacy #consumer #consumo

EFF Launches Digital Rights Bytes to Answer Tech Questions that Bug Us All

SAN FRANCISCO—The Electronic Frontier Foundation today launched “Digital Rights Bytes,” a new website with short videos offering quick, easily digestible answers to the technology questions that trouble us all.
Electronic Frontier Foundation
#privacy #consumo #consumer

‘Irish Data Protection Commission fines LinkedIn Ireland €310 million… following an inquiry into LinkedIn...
The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who have created LinkedIn profiles (members)’
https://www.dataprotection.ie/en/news-media/press-releases/irish-data-protection-commission-fines-linkedin-ireland-eu310-million
#eu #law #gdpr #privacy #tech #advertising

Data Protection Commission

The Irish Data Protection Commission (DPC) has today announced its final decision following an inquiry into LinkedIn Ireland Unlimited Company (LinkedIn).
Data Protection Commission
#privacy #tech #law #advertising #eu #gdpr

Today is the 10 year anniversary of #CITIZENFOUR, the out-in-theaters release in the United States was 2014 October 24

if you've never seen it, i highly recommend it! much of the government surveillance that it highlights are either still in practice or are being done by other governments all around the world

here are some old photos i made back on the opening night at SIFF Cinema in Seattle

#LauraPoitras #Snowden #EdwardSnowden #privacy #surveillance #NSA #GCHQ #humanrights
walking into a movie theater with CITIZENFOUR written above the doorway, the left door is open and the right door is closed
a movie poster of CITIZENFOUR showing Edward Snowden in a green hue
#privacy #surveillance #humanrights #nsa #snowden #citizenfour #laurapoitras #edwardsnowden #gchq

Preemption Playbook: Big Tech’s Blueprint Comes Straight from Big Tobacco https://www.eff.org/deeplinks/2024/10/preemption-playbook-big-techs-blueprint-comes-straight-big-tobacco #privacy #privacidad

Preemption Playbook: Big Tech’s Blueprint Comes Straight from Big Tobacco

Big Tech is borrowing a page from Big Tobacco's playbook to wage war on your privacy, according to Jake Snow of the ACLU of Northern California. We agree.
Electronic Frontier Foundation
#privacy #privacidad

From last month - 23andMe settles data breach lawsuit for $30 million
By Jonathan Stempel
https://www.reuters.com/technology/cybersecurity/23andme-settles-data-breach-lawsuit-30-million-2024-09-13/
#biotech #dataprotection #privacy #classaction #settlement
#privacy #dataprotection #settlement #biotech #classaction

Un robot aspirador de la marca #Ecovacs no sólo era fácil de piratear, sino que también transmitía a la empresa muchos datos íntimos sobre los usuarios. La configuración de privacidad para evitar esto está bien oculta https://netzpolitik.org/2024/verbraucherschutz-saugroboter-von-ecovacs-als-spion-in-der-wohnung/ #privacy #privacidad #consumo

Verbraucherschutz: Saugroboter von Ecovacs als Spion in der Wohnung

Ein Saugroboter der Marke Ecovacs war nicht nur leicht zu hacken, sondern gibt auch zahlreiche intime Daten über die Nutzer:innen an das Unternehmen weiter. Die Datenschutzeinstellungen, das zu verhindern, sind gut versteckt.
netzpolitik.org
#privacy #consumo #privacidad #ecovacs

I’ve been saying this for more than a decade at this point. It’s about time government realised that protecting the #privacy of its citizens is vital for protecting national security. #auspol
https://www.abc.net.au/news/2024-10-03/ad-tech-data-breach-real-time-bidding-national-security-privacy/104416546

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors

The federal opposition has called for urgent action to prevent the personal data of Australia's national security personnel being on-sold to foreign actors after a new report exposed a blackmail risk.
Ange Lavoipierre (ABC News)
#privacy #auspol