super cookies | Breaking Cybersecurity News | The Hacker News

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites. However, if you're using Kaspersky Antivirus, a vulnerability in the security software had exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you have blocked or erased third-party cookies timely. The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivir...

If you are unaware, the security standard HTTP Strict Transport Security (HSTS) can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge even when they use "private browsing." Apple has now added mitigations to its open-source browser infrastructure WebKit that underpins its Safari web browser to prevent HSTS abuse after discovering that theoretical attacks demonstrated in 2015 were recently deployed in the wild against Safari users. HSTS—HTTP Strict Transport Security—is a great feature that allows websites to automatically redirects user's web traffic to secure page connections over HTTPS if the user accidentally opens an insecure URL and then remembers to route that user to the secure connection always. Since HSTS does not allow websites to store any information/value on users web browser except remembering the redirect information about turning it on/off for future use, using ...

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security   Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.  Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disrupt...

Webmasters can track all your activities on the Internet – even if you have already cleared your browsing history and deleted all saved cookies. A researcher demonstrated two unpatched flaws that can be exploited to track Millions of Internet users, allowing malicious website owners: List Building: To compile a list of visited domains by users, even if they have cleared their browsing history Tracking Cookies: To tag users with a tracking cookie that will persist even after they have deleted all cookies These two Browser Fingerprinting techniques abuse HTTP Strict Transport Security (HSTS) and Content Security Policy – new security features already built into Mozilla Firefox and Google Chrome, and expected to make their ways to other mainstream browsers in near future. WHAT IF, The Website owners turn these Security features against You? A security researcher has proved exactly the same last weekend at Toorcon security conference in San Diego. Yan Zhu...