Adrien B

Meta and Russian Yandex engaged in unprecedented internet tracking practices, likely illegal with EU data protection law. Companies designed tracking systems that exploited Android's localhost socket permissions to create covert communication channels between websites and native mobile apps, bypassing Android's app sandboxing protections. Android allows any app with internet permission to listen on localhost ports without user consent, and web browsers can access these localhost interfaces. When users visit websites containing Meta Pixel or Yandex Metrica scripts, the JavaScript tracking code sends data directly to specific localhost ports (Meta uses UDP ports 12580-12585 via WebRTC, Yandex uses TCP ports 29009-30103 via HTTP). Facebook, Instagram, and Yandex apps run background services that actively listen on these predetermined ports to receive tracking data, then link this anonymous web activity to authenticated user accounts and transmit the combined data to company servers. This technique affects billions of Android users and renders privacy protections like incognito mode, VPNs, and cookie clearing completely ineffective. Meta Pixel attempted localhost communications on over 17,000 of the top 100,000 websites, with 78% doing so without user consent. The method allows comprehensive profile building linking anonymous browsing to real identities, tracking everything from shopping to sensitive site visits. It also creates vulnerabilities where malicious apps could eavesdrop on browsing history by listening on the same localhost ports. This surveillance operated without disclosure. Following public disclosure, Meta immediately ceased the practice and removed related code while browser vendors scrambled to implement protections. The practice violates multiple GDPR and ePrivacy principles. The technique transforms supposedly anonymous first-party cookies into cross-site tracking identifiers without explicit consent, violating ePrivacy Directive requirements for cookie consent and GDPR's lawful basis for processing. By secretly linking web browsing to app-based identities, it constitutes undisclosed profiling that undermines user expectations and data minimization principles. This is a material for max #GDPR fine. https://t.co/ktHWwllWr4

The Microsoft Threat Intelligence Center (MSTIC) is looking for malware reverse engineers and security researchers to join our team! Come join our brilliant, world-class team of malware REs and intelligence researchers: Principal Security Researcher (United States): https://t.co/xIij8dMb17 Security Researcher (Canada): https://t.co/ZoJF2hmwnc Additional MSTIC openings: https://t.co/YLR0y1lTGL #mstic #reverengineering #threatintel #cybersecurity

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.