The researchers from Princeton’s Center for Information Technology Policy discovered that both AdThink and OnAudience are exploiting the built-in password managers to track visitors of around 1,110 of the Alexa top 1 million sites across the Internet.

“We found two scripts using this technique to extract email addresses from login managers on the websites which embed them. These addresses are then hashed and sent to one or more third-party servers. These scripts were present on 1110 of the Alexa top 1 million sites.” states the analysis of  the Princeton’s Center for Information Technology Policy.

The experts have found third-party tracking scripts on these websites that inject invisible login forms in the background of the webpage, the password managers are tricked into auto-filling the form using these data.

The scripts detect the username and send it to third-party servers after hashing with MD5, SHA1, and SHA256 algorithms, these hashed values are used as an identifier for a specific user. Typically tracker used the hashed email as user’s ID.

“Login form autofilling in general doesn’t require user interaction; all of the major browsers will autofill the username (often an email address) immediately, regardless of the visibility of the form.” continue the researchers.

“Chrome doesn’t autofill the password field until the user clicks or touches anywhere on the page. Other browsers we tested don’t require user interaction to autofill password fields.”

Third-party password managers like LastPass and 1Password are not exposed to this tracking technique because they avoid auto-filling invisible forms and anyway they require user interaction.

Users can test the tracking technique using a live demo page created by the researchers.

Below the list of sites embedding scripts that abuse login manager for tracking, it also includes the website of the founder of M5S Beppe Grillo (beppegrillo.it).

Last week, Anonymous hacked a Speed Camera Database in Italy, the hacktivists took control of a local police computer system in Correggio, Italy and erased the entire archive containing speed camera tickets. The hackers also released internal emails and documents.

The hackers provided screenshots of the attack to several Italian newspapers, it seems they have wiped an entire archive containing 40 gigabytes worth of infringement photographs.

The Anonymous hackers sent a message using the e-mail account of the Correggio municipal police.

“Ho Ho Ho, Merry Christmas,” read the message from Anonymous.

The message announced the hack of the Concilia database and of the system developed by the company Verbatel, it also included the links and passwords to download them.

The message includes screenshots of the hack, one of them show a Windows command line likely related to the hacked computer of the Correggio municipal police.

Two images show claims from two motorists complaining that they received tickets from Correggio speed cameras, even though they had never passed through the area.

Emails between police administrators and local politicians discussed how the speed camera profits were to be distributed.

One of the screenshots is related to an email sent by an employee at Correggio data center who explains that he has restored the Concilia DB using a backup dated Dec. 5 due to a serious problem.

The police are still investigating the case.

The year 2017 experienced many sophisticated cyber attacks which have made a huge impact on organization as well as individuals. Here are the Top 10 Cyber Attascks and critical Vulnerabilities that played a major role in 2017. Ransomware continues to dominate the cyber security world.

Wannacry

Wannacry (WannaCrypt,WanaCrypt0r 2.0,Wanna Decryptor), A Computer Malware family called Ransomware that actually target the Microsoft Windows Operating systems  SMB exploit leaked by the Shadow Broker that encrypting data and demanding ransom payments in the cryptocurrency bitcoin.

This Attack Started on 12 May 2017 and Infected more than 3,00,000 computers in over 150 countries which consider as one of the biggest Ransomware cyber Attack which world Never Faced.

Petya

A Ransomware called “Petya” Attack Large  Number of Countries across the Globe on June 2017 and it affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France, India,etc..

This Ransomware attack Started in Ukraine First, Especially Ukraine’s government, banks, state power utility and Kiev’s airport and the metro system have infected by Petya very badly then its Spreading Across the World.

Locky

The onset of Locky Ransomware campaign was thought to be evolutionary, but around the clock, the campaign has grown to be revolutionary.

The other day 711 million addresses were found to be leaked onto the internet by Online Spambot. The profound dump had found coherencies with recent Locky malspam activities.

The countries housing the most attack servers are Vietnam, India, Mexico, Turkey, and Indonesia.

Krack Attack

Highly Secured WiFi Protocol “WPA2” Critical Weakness allows to Break any WiFi Network using Key Reinstallation Attack (KRACK Attack) and this flow is given an Ability to Attacker to crack any of Victims WiFi Modem within The Range of Network.

This Critical KRACK Attack allows an Attacker to Steal the Sensitive Information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

An attacker can Accomplish this KRACK Attack by Performing Man-in-the-Attack and force network participants to reinstall the encryption key used to protected WPA2 traffic.

Sambacry

Linux Machine’s are Hijacked by unknown Vulnerability by using SambaCry Flow and this Vulnerability Exploit by using unauthorized Write Permission in Network Drive in Linux Machines.

Super Privilege Access has been successfully takeover by this Sambacry Payload once payload has injected into the Linux Server.

SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.

Blueborne

Blueborne attack leads attackers to gain complete control over your device and from your device they can migrate to corporate networks and even to most secured Air-gapped computers.

This attack spreads through the air and attacks Bluetooth devices. All the Bluetooth devices mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable.

Duck Attack

DUHK attack allows hackers to recover encryption keys and to decrypt the encrypted web traffic.

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions.

VLC Player

Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to completely take over to the infected machine.

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by tricks victims.

Grabos Malware

Android Malware called “Grabos”  Found in 144 Google Play apps and it is considered as one of the mass distribution play store Malware by huge number play store apps.

There is no surprise now to see a malicious app on Google play store, hackers continued to deceive the Google safety checks and also they earn high ratings

Most of the app found uploaded in August and October, in a short span they reached between 4.2 million and 17.4 million users downloaded and an average rating of 4.4.

Apache Struts

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

A security expert who uses the online moniker Siguza has made public the details and proof-of-concept (PoC) code for a local privilege escalation vulnerability affecting all versions of the macOS operating system. The flaw, which the researcher described as a “zero day,” allows a malicious application installed on the targeted system to execute arbitrary code and obtain root privileges.

Apple is working on patching the vulnerability and has shared some mitigation advice until the fix becomes available.

“Apple is committed to the security of our customers’ devices and data, and we plan to patch this issue in a software update later this month,” Apple said in a statement emailed to SecurityWeek. “Since exploiting the vulnerability requires a malicious app to be loaded on your Mac, we recommend downloading software only from trusted sources such as the Mac App Store.”

The flaw affects IOHIDFamily, a kernel extension designed for human interface devices (e.g. touchscreens and buttons). Siguza discovered that some security bugs in this component introduce a kernel read/write vulnerability, which he has dubbed IOHIDeous.

The exploit created by the hacker also disables the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security features.

The PoC exploit is not stealthy as it needs to force a logout of the legitimate user. However, the researcher said an attacker could design an exploit that is triggered when the targeted device is manually rebooted or shut down.

Some of the PoC code made available by Siguza only works on macOS High Sierra 10.13.1 and earlier, but the researcher believes it can be adapted for version 10.13.2 as well.

The vulnerability has been around since at least 2002, but it could actually be much older.

Siguza says he is not concerned that malicious actors will abuse his PoC exploit as the vulnerability is not remotely exploitable. The hacker claims he would have privately disclosed the flaw to Apple had it been remotely exploitable or if the tech giant’s bug bounty program covered macOS.

Ask 1 of the 3 credit reporting companies to put a fraud alert on your credit report. They must tell the other 2 companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.

Why Place an Initial Fraud Alert

Three national credit reporting companies keep records of your credit history. If someone has misused your personal or financial information, call one of the companies and ask for an initial fraud alert on your credit report. If you're concerned about identity theft, but haven't yet become a victim, you can also place an initial  fraud alert.  For example, you may want to place a fraud alert if your wallet, Social Security card, or other personal, financial or account information are lost or stolen. You may also want to place a fraud alert if your personal information was exposed in a data breach. A fraud alert is free. The company you call must tell the other companies about your alert.

An initial fraud alert can make it harder for an identity thief to open more accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you. The initial alert stays on your report for at least 90 days. You can renew it after 90 days. It allows you to order one free copy of your credit report from each of the three credit reporting companies. Be sure the credit reporting companies have your current contact information so they can get in touch with you.

How to Place an Initial Fraud Alert

Contact Information for the Credit Reporting Companies

TransUnion 1-800-680-7289

Experian 1-888-397-3742

Equifax 1-800-525-6285