InfoSecBulletin Cybersecurity for mankind
Google is focusing on improving web privacy by disabling third-party cookies on the Chrome browser. According to Anthony Chavez, VP for Privacy Sandbox, Google will test Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default.
“We’ll roll this out to 1% of Chrome users globally, a key milestone in our Privacy Sandbox initiative to phase out third party cookies for everyone in the second half of 2024, subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority,” said Chavez in a blog post.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
The Privacy Sandbox initiative aims to create technologies that protect privacy online and provide tools for companies and developers to build digital businesses. It reduces tracking across sites and apps while keeping online content and services free for everyone.
Chrome will phase out third party cookies in the Privacy Sandbox for web. It will use privacy techniques like differential privacy, k-anonymity, and on-device processing to limit tracking, such as fingerprinting, and restrict the amount of information sites can access, ensuring privacy and security.
Google Chrome is the world’s most popular browser. But it’s also the browser that continues to be targeted by cybercriminals. CloudSEK, a cybersecurity firm, recently reported that hackers are using cookies on the Chrome browser to log into user emails without the need for passwords or authentication.
According to The Independent, a type of malware that uses third party cookies to access private data is currently being tested by hacking groups. This was first discovered in October 2023 when a hacker discussed it on Telegram.
Hackers have discovered a method to steal cookies by exploiting Google authentication cookies. This allows them to bypass the two-factor authentication as well.
“This exploit enables continuous access to Google services, even after a user’s password is reset,” Pavan Karthick M, a threat intelligence researcher at CloudSEK, wrote in a blog post detailing the issue.
Google is securing compromised accounts and all browsers will phase out third-party cookies soon.
“As we work to make the web more private, we’ll provide businesses with tools to succeed online so that high-quality content remains freely accessible — whether that’s news articles, videos, educational information, community sites, or other forms of web content. With Tracking Protection, Privacy Sandbox and all of the features we launch in Chrome, we’ll continue to work to create a web that’s more private than ever, and universally accessible to everyone,” Chavez said.
