InfoSecBulletin Cybersecurity for mankind
Google is focusing on improving web privacy by disabling third-party cookies on the Chrome browser. According to Anthony Chavez, VP for Privacy Sandbox, Google will test Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default.
“We’ll roll this out to 1% of Chrome users globally, a key milestone in our Privacy Sandbox initiative to phase out third party cookies for everyone in the second half of 2024, subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority,” said Chavez in a blog post.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The Privacy Sandbox initiative aims to create technologies that protect privacy online and provide tools for companies and developers to build digital businesses. It reduces tracking across sites and apps while keeping online content and services free for everyone.
Chrome will phase out third party cookies in the Privacy Sandbox for web. It will use privacy techniques like differential privacy, k-anonymity, and on-device processing to limit tracking, such as fingerprinting, and restrict the amount of information sites can access, ensuring privacy and security.
Google Chrome is the world’s most popular browser. But it’s also the browser that continues to be targeted by cybercriminals. CloudSEK, a cybersecurity firm, recently reported that hackers are using cookies on the Chrome browser to log into user emails without the need for passwords or authentication.
According to The Independent, a type of malware that uses third party cookies to access private data is currently being tested by hacking groups. This was first discovered in October 2023 when a hacker discussed it on Telegram.
Hackers have discovered a method to steal cookies by exploiting Google authentication cookies. This allows them to bypass the two-factor authentication as well.
“This exploit enables continuous access to Google services, even after a user’s password is reset,” Pavan Karthick M, a threat intelligence researcher at CloudSEK, wrote in a blog post detailing the issue.
Google is securing compromised accounts and all browsers will phase out third-party cookies soon.
“As we work to make the web more private, we’ll provide businesses with tools to succeed online so that high-quality content remains freely accessible — whether that’s news articles, videos, educational information, community sites, or other forms of web content. With Tracking Protection, Privacy Sandbox and all of the features we launch in Chrome, we’ll continue to work to create a web that’s more private than ever, and universally accessible to everyone,” Chavez said.
