By Deeba Ahmed
META is suspending accounts of users on Facebook and Instagram, potentially linked to malicious Vietnamese activity involving META's Oculus.
This is a post from HackRead.com Read the original post: Linked Oculus Accounts Trigger Facebook and Instagram Suspension

Experiencing a sudden Facebook or Instagram account suspension? You’re not alone. Suspicious activity on Oculus accounts linked to META users is going unaddressed as META opts for suspensions instead of addressing the root cause.

Multiple posts on social media platforms like Reddit suggest a sudden rise in Facebook and Instagram account suspensions, causing frustration among users, mainly because they are clueless about why this is happening.

Many users claim their accounts were suspended without warning or explanation, leaving them unaware of the alleged violation. Users complained about seeing a suspension message from Meta that read:

“Your account was suspended because your linked Meta account doesn’t follow our rules. Log into your linked auth.oculus.com account to appeal our decision.”

Users are confused and frustrated due to Meta’s lack of transparency about suspension reasons and limited appeal options whereas the lack of communication from Meta regarding the suspensions is making it difficult to understand and address the situation.

Reddit user r/facebookdisabledme posted: “Facebook suspended my account without giving any specific reason. Trying to appeal is proving to be extremely difficult.”

Users on Facebook, Instagram, and Reddit are reporting a connection between suspensions and their linked Oculus accounts, indicating a potential security issue within the VR platform. Further probing reveals that Vietnamese hackers could be exploiting vulnerabilities in the Oculus Meta system, which was acquired by Meta in 2014.

“There were 2 logins from Vietnam into my account (I’m from Belgium). Most likely that’s why Facebook suspended the account immediately? But I didn’t get any recovery mail or explanation” user u/Mammoth\_Resolution\_7 shared on Reddit.

One user claimed the hacker linked Meta Horizon account to his Facebook and another reported linking of Meta Oculus. 

According to sources, hackers are creating Oculus Meta accounts and linking them to victims’ social media accounts, registering them as unauthorized access, which is leading to thousands of account suspensions.

For your information, Meta introduced Meta Accounts in 2022 to allow the decoupling of Quest users’ devices from their Facebook profiles. This change was deemed inevitable as it prevented users from losing access to their Oculus Meta account if their Facebook account was banned. However, multiple accounts are still linked, affecting many Facebook or Instagram accounts’ safety.

It is also worth noting that Vietnamese cybercriminals have a history of targeting META and business pages on the platform, with instances of **using DarkGate malware** to steal login credentials.

Nevertheless, META almost member addresses why it suspends user accounts. However, to avoid account suspensions, users should review Meta’s Community Standards, check for official announcements on their website or social media platforms, contact Meta Support through their official channels, and be patient and persistent in navigating the appeal process.

Meta should provide clear communication and address concerns promptly and transparently, as it is crucial for users to understand the specific reason for their account suspension and to be patient and persistent in their efforts to reach out to them.

1.  **Vietnamese Group Hacks and Sells Bedroom Camera Footage**
2.  **Vietnamese man hacked Aussie airport systems; stole security data**
3.  **Fake ChatGPT and AI pages on Facebook are spreading infostealers**
4.  **New Phishing Scam Hooks META Businesses with Trademark Threats**
5.  **Provocative Facebook Ads Leveraged to Deliver NodeStealer Malware**

Linked Oculus Accounts Trigger Facebook and Instagram Suspension

This week on the Lock and Code podcast, we speak with Joseph Cox about how an OnlyFake-generated fake ID fooled a cryptocurrency exchange.

_This week on the Lock and Code podcast…_

For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents.

In 2024, that’s changed, as the uses for fake IDs have become enmeshed with the internet.

Want to sign up for a cryptocurrency exchange where you’ll use traditional funds to purchase and exchange digital currency? You’ll likely need to submit a _photo_ of your real ID so that the cryptocurrency platform can ensure you’re a real user. What about if you want to watch porn online in the US state of Louisiana? It’s a niche example, but because of a law passed in 2022, you will likely need to submit, again, a _photo_ of your state driver’s license to a separate ID verification mobile app that then connects with porn sites to authorize your request.

The discrepancies in these end-uses are stark; cryptocurrency and porn don’t have too much in common with Red Bull vodkas and, to pick just one example, a Guatemalan coup. But there’s something else happening here that reveals the subtle differences between yesteryear’s fake IDs and today’s, which is that modern ID verification doesn’t need a physical ID card or passport to work—it can sometimes function only with an _image_.

Last month, the technology reporting outfit 404 Media investigated an online service called OnlyFake that claimed to use artificial intelligence to pump out _images_ of fake IDs. By filling out some bogus personal information, like a made-up birthdate, height, and weight, OnlyFake would provide convincing images of real forms of ID, be they driver’s licenses in California or passports from the US, the UK, Mexico, Canada, Japan, and more. Those images, in turn, could then be used to fraudulently pass identification checks on certain websites.

When 404 Media co-founder and reporter Joseph Cox learned about OnlyFake, he tested whether an image of a fake passport he generated could be used to authenticate his identity with an online cryptocurrency exchange.

In short, it did.

By creating a fraudulent British passport through OnlyFake, Joseph Cox—or as his fake ID said, “David Creeks”—managed to verify his false identity when creating an account with the cryptocurrency market OKX.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Cox about the believability of his fake IDs, the AI claims and limitations of OnlyFake, what’s in store for the future of the site— which went dark after Cox’s report—and what other types of fraud are now dangerously within reach for countless threat actors.

> Making fake IDs, even photos of fake IDs, is a very particular skill set—it’s like a trade in the criminal underground. You don’t need that anymore.
> 
> Joseph Cox, 404 Media co-founder

Tune in today to listen to the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 How to make a fake ID online, with Joseph Cox: Lock and Code S05E05 

Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: btrbk: Remote Code Execution  
     Date: February 26, 2024  
     Bugs: #806962  
       ID: 202402-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in btrbk which can lead to remote  
code execution.

Background  
==========

btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs  
specific capabilities to create atomic snapshots and transfer them  
incrementally to your backup locations.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-backup/btrbk  < 0.31.2      >= 0.31.2

Description  
===========

A vulnerability has been discovered in btrbk. Please review the CVE  
identifier referenced below for details.

Impact  
======

Specialy crafted commands may be executed without being propely checked.  
Applies to remote hosts filtering ssh commands using ssh_filter_btrbk.sh  
in authorized_keys.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All btrbk users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-backup/btrbk-0.31.2"

References  
==========

[ 1 ] CVE-2021-38173  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38173

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-32

Gentoo Linux Security Advisory 202402-31 - A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. Versions greater than or equal to 0.60.8-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GNU Aspell: Heap Buffer Overflow  
     Date: February 26, 2024  
     Bugs: #803113  
       ID: 202402-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in GNU Aspell which leads to a heap  
buffer overflow.

Background  
==========

GNU Aspell is a popular spell-checker. Dictionaries are available for  
many languages.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
app-text/aspell  < 0.60.8-r3   >= 0.60.8-r3

Description  
===========

Multiple vulnerabilities have been discovered in GNU Aspell. Please  
review the CVE identifiers referenced below for details.

Impact  
======

GNU Aspell has a heap-based buffer overflow in  
acommon::ObjStack::dup_top (called from acommon::StringMap::add and  
acommon::Config::lookup_list)

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All aspell users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/aspell-0.60.8-r3"

References  
==========

[ 1 ] CVE-2019-25051  
      https://nvd.nist.gov/vuln/detail/CVE-2019-25051

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-31

Gentoo Linux Security Advisory 202402-30 - A vulnerability has been found in Glances which may lead to arbitrary code execution. Versions greater than or equal to 3.1.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Glances: Arbitrary Code Execution  
     Date: February 26, 2024  
     Bugs: #791565  
       ID: 202402-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in Glances which may lead to arbitrary  
code execution.

Background  
==========

Glances is an open-source system cross-platform monitoring tool. It  
allows real-time monitoring of various aspects of your system such as  
CPU, memory, disk, network usage etc.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
sys-process/glances  < 3.1.7       >= 3.1.7

Description  
===========

A vulnerability in XML parsing may lead to a variety of XML attacks.

Impact  
======

A vulnerability in XML parsing may lead to a variety of XML attacks.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Glances users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-process/glances-3.1.7"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-30

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-30

Ubuntu Security Notice 6651-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6651-1February 23, 2024linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-oracle,linux-raspi, linux-starfive vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-laptop: Linux kernel for Lenovo X13s ARM laptops- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-starfive: Linux kernel for StarFive processors- linux-hwe-6.5: Linux hardware enablement (HWE) kernelDetails:It was discovered that a race condition existed in the ATM (AsynchronousTransfer Mode) subsystem of the Linux kernel, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-51780)It was discovered that a race condition existed in the AppleTalk networkingsubsystem of the Linux kernel, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-51781)Zhenghan Wang discovered that the generic ID allocator implementation inthe Linux kernel did not properly check for null bitmap when releasing IDs.A local attacker could use this to cause a denial of service (systemcrash). (CVE-2023-6915)Robert Morris discovered that the CIFS network file system implementationin the Linux kernel did not properly validate certain server commandsfields, leading to an out-of-bounds read vulnerability. An attacker coulduse this to cause a denial of service (system crash) or possibly exposesensitive information. (CVE-2024-0565)Jann Horn discovered that the io_uring subsystem in the Linux kernel didnot properly handle the release of certain buffer rings. A local attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2024-0582)Jann Horn discovered that the TLS subsystem in the Linux kernel did notproperly handle spliced messages, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2024-0646)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   linux-image-6.5.0-1008-starfive  6.5.0-1008.9   linux-image-6.5.0-1010-laptop   6.5.0-1010.13   linux-image-6.5.0-1011-raspi    6.5.0-1011.14   linux-image-6.5.0-1014-aws      6.5.0-1014.14   linux-image-6.5.0-1014-gcp      6.5.0-1014.14   linux-image-6.5.0-1016-oracle   6.5.0-1016.16   linux-image-6.5.0-21-generic    6.5.0-21.21   linux-image-6.5.0-21-generic-64k  6.5.0-21.21   linux-image-aws                 6.5.0.1014.14   linux-image-gcp                 6.5.0.1014.14   linux-image-generic             6.5.0.21.20   linux-image-generic-64k         6.5.0.21.20   linux-image-generic-lpae        6.5.0.21.20   linux-image-kvm                 6.5.0.21.20   linux-image-laptop-23.10        6.5.0.1010.13   linux-image-oracle              6.5.0.1016.16   linux-image-raspi               6.5.0.1011.12   linux-image-raspi-nolpae        6.5.0.1011.12   linux-image-starfive            6.5.0.1008.10   linux-image-virtual             6.5.0.21.20Ubuntu 22.04 LTS:   linux-image-6.5.0-21-generic    6.5.0-21.21~22.04.1   linux-image-6.5.0-21-generic-64k  6.5.0-21.21~22.04.1   linux-image-generic-64k-hwe-22.04  6.5.0.21.21~22.04.11   linux-image-generic-hwe-22.04   6.5.0.21.21~22.04.11   linux-image-virtual-hwe-22.04   6.5.0.21.21~22.04.11After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6651-1   CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565,   CVE-2024-0582, CVE-2024-0646Package Information:   https://launchpad.net/ubuntu/+source/linux/6.5.0-21.21   https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1014.14   https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1014.14   https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1010.13   https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1016.16   https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1011.14   https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1008.9   https://launchpad.net/ubuntu/+source/linux-hwe-6.5/6.5.0-21.21~22.04.1

Ubuntu Security Notice USN-6651-1

Ubuntu Security Notice 6654-1 - It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting attack.

==========================================================================  
Ubuntu Security Notice USN-6654-1  
February 26, 2024

roundcube vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Roundcube Webmail could allow cross-site scripting (XSS) attacks.

Software Description:  
- roundcube: skinnable AJAX based webmail solution for IMAP servers

Details:

It was discovered that Roundcube Webmail incorrectly sanitized characters  
in the linkrefs text messages. An attacker could possibly use this issue to  
execute a cross-site scripting (XSS) attack. (CVE-2023-43770)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  roundcube                       1.6.2+dfsg-1ubuntu0.1  
  roundcube-core                  1.6.2+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.5.0+dfsg.1-2ubuntu0.1~esm2  
  roundcube-core                  1.5.0+dfsg.1-2ubuntu0.1~esm2

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.4.3+dfsg.1-1ubuntu0.1~esm3  
  roundcube-core                  1.4.3+dfsg.1-1ubuntu0.1~esm3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.3.6+dfsg.1-1ubuntu0.1~esm3  
  roundcube-core                  1.3.6+dfsg.1-1ubuntu0.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.2~beta+dfsg.1-0ubuntu1+esm3  
  roundcube-core                  1.2~beta+dfsg.1-0ubuntu1+esm3

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6654-1  
  CVE-2023-43770

Package Information:  
  https://launchpad.net/ubuntu/+source/roundcube/1.6.2+dfsg-1ubuntu0.1

Ubuntu Security Notice USN-6654-1

By Deeba Ahmed
Avast Hit with $16.5 Million Fine, Settles with FTC Over Deceptive Data Practices, Forced to Delete User Information
This is a post from HackRead.com Read the original post: Avast Fined Millions for Selling User Browsing Data

Avast, a popular antivirus software, has been fined $16.5 million for selling user browsing data despite claims of protecting privacy. The FTC accused them of misleading users and selling sensitive information without consent. Avast agreed to settle, stop selling data, and delete user information.

The US Federal Trade Commission (FTC) has imposed a $16.5 million fine on Avast Limited, **Avast Software,** and Jumpshot for deceiving users by claiming its software would eliminate web tracking but doing the tracking itself.

It is worth noting that, the Prague, Czech Republic-based anti-malware and cybersecurity vendor stored the data indefinitely and sold it without consumers’ consent or notice while promising users exemplary privacy protection.

This development reflects the continuation of the FTC’s crackdown on companies involved in deceptive data privacy practices. In January 2024, it reached a **settlement** with Outlogic to prevent selling information for tracking user locations and **banned** InMarket from selling precise user locations.

The FTC’s Director of Consumer Protection, Samuel Levine, criticized Avast’s bait-and-switch surveillance tactics for violating consumer privacy.

In its complaint, available **here** (PDF), the FTC revealed that cybersecurity software company Avast collected consumers’ browsing information through its browser extensions and antivirus software, including Avast Extensions, Avast Secure Browser, Avast Mobile Software, and Avast Desktop Software. The FTC accused Avast of selling its data to over 100 third parties via Jumpshot.

For your information, in 2013, Avast acquired competitor Jumpshot, rebranded as an analytics company, and sold browsing information collected from consumers from 2014 to 2020 through it. The FTC accused Jumpshot of offering products that enabled user tracking and associating browsing histories with third-party information.

Jumpshot entered a contract with Omnicom, offering an “All Clicks Feed” for 50% of customers in the US, UK, Mexico, Australia, Canada, and Germany, and earned millions in gross revenues. Avast’s dubious data privacy practices were exposed in 2020 in a joint investigation, leading to the **shutdown of Jumpshot**.

Reportedly, the company collected data on religious beliefs, health concerns, political views, locations, and financial status from 2014 to 2020. The FTC found Avast failed to adequately anonymize browsing information despite the company claiming otherwise.

FTC also discovered that Avast sold data with unique identifiers for each browser, which exposed crucial data like visited websites, timestamps, user location, and the type of device and browser.

Avast agreed to settle the case with the FTC, paying $16.5 million. The order also requires Avast to stop selling or licensing browsing data to advertisers, delete all data obtained by Jumpshot, and notify affected customers of the sale.

How Jumpshot functioned

Avast’s spokesperson, Jeff Monney, reaffirmed the company’s commitment to protecting and empowering users’ digital lives, citing disagreement on the allegations while opting for a settlement.

Data privacy violations can lead to significant financial consequences for companies like Avast, including fines, lawsuits, lost business, reputational damage, and negative press coverage. Regulatory bodies enforce data privacy laws and can sue companies, resulting in further financial losses and legal costs, as evident in Avast’s case.

****RELATED ARTICLES****

1.  **HelloFresh Fined £140,000 for 80 Million Spam Messages**
2.  **Unreleased Music Stolen and Sold on Dark Web: Hacker Fined**
3.  **Google Incognito Mode: New Disclaimer Reveals Data Tracking**
4.  **Meta Fined €265 million in Facebook Data Scraping Case in the EU**
5.  **Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data**
6.  **Apple and Samsung fined millions for slowing down old smartphones**

Avast Fined Millions for Selling User Browsing Data

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.AutoSpy.10Vulnerability: Unauthenticated Remote Command ExecutionDescription: The malware listens on TCP port 1008. Third party adversaries who can reach an infected host can issue various commands made available by the backdoor. Command "startapp" will run programs, "msgbox" will send a popup box to message the victim. The "hangup victim" cmd will cause infinite notepad.exe processes to open on the affected machine. Other commands avail are "info tick" which returns system information, "kill" [file] etc.Family: AutoSpyType: PE32MD5: b012704cad2bae6edbd23135394b9127Vuln ID: MVID-2024-0671Disclosure: 02/24/2024Exploit/PoC:C:\sec>nc64.exe x.x.x.x 1008startapp "c:\Windows\System32\mspaint.exe"Application started...startapp "c:\Windows\System32\calc.exe"Application started...msgbox hateMessagebox shown...info tickProduct Name       :Product ID         :Product Type       :User Organization  :User Name          :System Root        :Version            :Version Number     :Sub Version Number :Computer Name      : DESKTOP-2C4IJHOTime Zone          : @tzres.dll,-112Network Logon      :beep BeepBeep send...hangup victimDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Red Hat Security Advisory 2024-0976-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0976.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0976-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0976  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Tag

#web