Wednesday Newsbytes – News for You – 051822
Every day we scan the tech world for news that affects all of us who use Windows computers. Every Wednesday, we feature some of the news articles that grabbed our attention over the past week. We hope you find this week’s “Wednesday Newsbytes” informative and interesting!
A number of websites include keyloggers that covertly snag your keyboard inputs.
When you sign up for a newsletter, make a hotel reservation, or check out online, you probably take for granted that if you mistype your email address three times or change your mind and X out of the page, it doesn’t matter. Nothing actually happens until you hit the Submit button, right? Well, maybe not. As with so many assumptions about the web, this isn’t always the case, according to new research: A surprising number of websites are collecting some or all of your data as you type it into a digital form.
Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.
After specifically crawling sites for password leaks in May 2021, the researchers also found 52 websites in which third parties, including the Russian tech giant Yandex, were incidentally collecting password data before submission. The group disclosed their findings to these sites, and all 52 instances have since been resolved.
‘If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,’ says Güneş Acar, a professor and researcher in Radboud University’s digital security group and one of the leaders of the study. ‘We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.’
DCRat malware targets Windows devices. And it’s cheap and popular, which makes it a problem.
A powerful form of trojan malware that offers complete backdoor access to Windows systems is being sold on underground forums for the price of a cup of coffee – and it’s being developed and maintained by one person.
Known as DCRat, the backdoor malware has existed since 2018 but has since been redesigned and relaunched.
When malware is cheap it’s often associated with only delivering limited capabilities. But DCRat – offered online for as little as $5 – unfortunately comes equipped with a variety of a functions, including the ability to steal usernames, passwords, credit card details, browser history, Telegram login credentials, Steam accounts, Discord tokens, and more.
DCRat can also take screenshots, steal clipboard contents and contains a keylogger that can track anything the victim types onto their computer. It ultimately provides cyber criminals with full access to almost everything the victim does after downloading the malware.
Internet privacy company has taken issue with both Google Topics and FLEDGE
DuckDuckGo has once again taken issue with Google’s plan to replace third-party cookies in Chrome by calling out the search giant’s new Topics and FLEDGE tracking and ad targeting methods.
While Topics uses your browsing history in Chrome to automatically collect information about your interests to share with tracking companies and other businesses, FLEDGE enables Google’s browser to target users with ads based on their browsing history.
Although Google’s intentions behind replacing third-party cookies with Topics and FLEDGE may be good, DuckDuckGo points out in a new blog post that tracking, targeting and profiling will still occur once Privacy Sandbox is rolled out in Chrome.
The company also notes that targeting in this way enables manipulation by exploiting personal vulnerabilities, discrimination since users may not see certain job posts based on their personal profiles and filter bubbles or echo chambers that can further divide people online. Additionally, Topics will be made available to third-party trackers and not just websites themselves.
At the same time, Topics can be combined with an IP address or other fingerprinting attributes so that it is easier for users to be tracked individually by third-party trackers. Although Google has promised to address this issue at some point through a so-called “privacy budget”, experts have already called the company’s approach into question.
How to opt out of Topics and FLEDGE
The easiest and simplest way for privacy-conscious users to opt out of both Topics and FLEDGE is to simply stop using Chrome by switching to another modern browser instead. While DuckDuckGo recommends using its mobile browser on iOS and Android or its recently launched Desktop browser for Mac, Brave, Vivaldi and Microsoft Edge are good Chrome alternatives as well.
Dev builds where the operating system suggests actions you can take with data you copy into the clipboard.
…Microsoft again began offering different builds in the ‘Dev’ and ‘Beta’ channels, with the beta channel receiving Windows 11 build 22621 and the Dev channel receiving Windows 11 build 25115.
With Windows 11 build 25115, Microsoft introduced the new ‘Suggested Actions’ feature, which causes an action bar to appear when you copy phone numbers, dates, or times from applications.
For example, when you copy a number, Windows 11 will ask if you want to call that number using one of your installed click-to-dial supported programs.
If you copy a date, Windows 11 prompts you to create an event in associated programs like Outlook or Calendar.
Once you select the action, Windows 11 will open the app and automatically fill in the appropriate task with the copied data.
While the data types that work with this feature are currently limited, Microsoft could easily expand them based on feedback and popularity.
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles useful, informative, interesting, and helpful. Darcy & TC