A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead.
However the social network says this is a smear campaign run by a disgruntled extensions developer who lost a court battle in Germany. An “association of commercial LinkedIn users” called Fairlinked e.V published a report detailing “BrowserGate” – claiming LinkedIn scans for thousands of browser extensions and ties the results to identifiable user profiles – and by scanning, LinkedIn harvests personal and corporate information.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Upper Michigan: Cyber attack hits Sault Tribe offices
February 13, 2025
A ransomware attack that shut down gaming at all five Kewadin Casino locations also impacted other offices at an eastern Upper Peninsula tribe. The tribe made the announcement Monday and said it could be a week or more before regular operations can resume. “On Sunday morning, the Sault Ste. Marie Tribe of Chippewa Indians suffered a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...
- SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
February 12, 2025
A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...
- The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
February 12, 2025
Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored ...
- Huge cyber attack under way – 2.8 million IPs being used to target VPN devices
February 10, 2025
A wide range of Virtual Private Network (VPN) and other networking devices are currently under attack by threat actors trying to break in to wider networks, experts have warned. Threat monitoring platform The Shadowserver Foundation warned about the ongoing attack on X, noting someone is currently using roughly 2.8 million different IP addresses to try and ...
- Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’
February 10, 2025
On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted ...