moodle-3.11.8-1.fc35

FEDORA-2022-7e7ce7df2e

Packages in this update:

moodle-3.11.8-1.fc35

Update description:

Multiple security fixes.

Facebook Is Now Encrypting Links to Prevent URL Stripping

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.

Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well.

Facebook has responded by encrypting the entire URL into a single ciphertext blob.

Since it is no longer possible to identify the tracking part of the web address, it is no longer possible to remove it from the address automatically. In other words: Facebook has the upper hand with regard to URL-based tracking at this time, and there is little that can be done about it short of finding a way to decrypt the information.

Malicious emails sent from 11 hacked SEBI IDs, officials say

The Securities and Exchange Board of India (SEBI) has filed a first information report (FIR) about a cybersecurity incident on its email system.

According to the report, filed last week, the email accounts of 11 officials were hacked by unknown persons. SEBI officials disclosed that the incident took place while the email system was undergoing a system upgrade, reporting that no sensitive information was stolen.

The incident was first brought to the notice of Varunkumar Kishan Gopal, assistant manager of IT at SEBI (BKC), when he received a complaint from Integrated Surveillance Department (ISD) manager Abhijit Chandrakant, on 23rd May.

CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

6 security analyst job description red flags that make hiring harder

Hiring for the role of security analyst—that workhorse of security operations—could get even harder.

Demand for the position is expected to grow: the U.S. Bureau of Labor Statistics predicts that organizations will add tens of thousands of positions through the decade, with employment for security analysts expected to grow by 33% from 2020 to 2030, much faster than the average for all occupations.

Auth0’s OpenFGA explained: Open source universal authorization

Auth0’s OpenFGA project is an open source effort that undertakes to provide a universal authorization solution. FGA stands for “Fine Grained Authorization,” a granular approach to authorization modeling that is flexible enough to handle almost any imaginable use case.

Read on for an introduction to the OpenFGA project.

Authentication vs. authorization

Authentication is concerned with who and authorization with what. Authentication answers the question: who are you? Authorization answers the question: given who you are, what can you do?

Both of these are essential areas of cybersecurity, but of the two, authorization presents the more demanding architectural challenge. That is because authorization deals with more complexity and far more data points.
