A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead.
However the social network says this is a smear campaign run by a disgruntled extensions developer who lost a court battle in Germany. An “association of commercial LinkedIn users” called Fairlinked e.V published a report detailing “BrowserGate” – claiming LinkedIn scans for thousands of browser extensions and ties the results to identifiable user profiles – and by scanning, LinkedIn harvests personal and corporate information.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Update on MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708
October 4, 2023
Unit 42 researchers have added additional information on CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 vulnerabilities using data gathered from Advanced Threat Prevention. On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to ...
- CISA and NSA Release New Guidance on Identity and Access Management
October 4, 2023
Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems. This publication, which follows ESF’s Identity and ...
- Lyca Mobile blames cyberattack for network disruption
October 4, 2023
U.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers. Lyca Mobile claims to be the world’s largest international mobile virtual network operator, or MVNO, which piggybacks off network operator EE’s infrastructure. Lyca confirmed in a statement this week that the security incident prevented customers ...
- Kenya hit by record 860m cyber-attacks in a year
October 3, 2023
Kenya has witnessed an alarming surge in cyberattacks, with a staggering 860 million incidents recorded in the past year, according to the country’s communications regulator. The regulator has expressed concerns over the escalating frequency, sophistication, and scale of these cyber threats, particularly targeting Kenya’s critical information infrastructure. To put this into perspective, back in 2017, Kenya ...
- U.S. DoD’s Critical Infrastructure Is Dangerously Insecure
October 2, 2023
As simmering tensions in East Asia rise to a boil, the recent discovery of a Chinese penetration of the U.S. military’s telecommunication systems in Guam should be setting off alarm bells across the executive branch and in the halls of Congress. Though Chinese penetration of U.S. networks for espionage has been well documented for more than ...
- CISA Adds One Known Exploited Vulnerability to Catalog
October 2, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5217 Google Chrome libvpx Heap Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency