[SecurityWeek] Safari 15 Vulnerability Allows Cross-Site Tracking of Users

A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains.

read more

Source: Read More (SecurityWeek RSS Feed)

You might be interested in …

[NCSC-FI News] Internal AWS credentials swiped by researcher via SQL payload

A security researcher said they seized credentials for an internal AWS service by exploiting a local file read vulnerability on a Relational Database Service (RDS) EC2 instance. Source: Read More (NCSC-FI daily news followup)

Read More

[NCSC-FI News] Qbot and Zerologon Lead To Full Domain Compromise

Soon after execution of the Qbot payload, the malware established C2 connectivity and created persistence on the beachhead. Successful exploitation of the Zerologon vulnerability (CVE-2020-1472) allowed the threat actors to obtain domain admin privileges. This level of access was abused to deploy additional Cobalt Strike beacons and consequently pivot to other sensitive hosts within the […]

Read More

[BleepingComputer] FBI says cybercrime complaints more than doubled in 14 months

The FBI’s Internet Crime Complaint Center (IC3) has seen a massive 100% in cybercrime complaints over the past 14 months. […] Source: Read More (BleepingComputer)

Read More