A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead.
However the social network says this is a smear campaign run by a disgruntled extensions developer who lost a court battle in Germany. An “association of commercial LinkedIn users” called Fairlinked e.V published a report detailing “BrowserGate” – claiming LinkedIn scans for thousands of browser extensions and ties the results to identifiable user profiles – and by scanning, LinkedIn harvests personal and corporate information.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BBC cyber attack exposes details of 25,000 current and former staff
May 30, 2024
The personal data of more than 25,000 former and current BBC employees has been exposed in a major cyber attack targeting the broadcaster’s pension scheme. Information including names, addresses and National Insurance numbers was compromised after files containing personal details were stolen from a cloud data storage service earlier this month. It is not yet known who ...
- Europol: Largest ever operation against botnets hits dropper malware ecosystem
May 30, 2024
Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose ...
- Confluence Data Center and Server Remote Code Execution Vulnerability
May 30, 2024
The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server ...
- Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
May 30, 2024
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as well ...
- CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On Sharepoint Server And Cloud
May 30, 2024
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that the author found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do ...
- Sing Us a Song You’re the Piano Scam
May 29, 2024
Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns have occurred since at least January 2024, and are ongoing. Most of the messages target students and faculty at colleges and universities in North America, however other targeting of industries including ...