Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.
The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.
Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.
A banking trojan is targeting mobile app users in Brazil – and researchers warn that its operator has big plans to expand abroad.
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.
Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.
The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.
The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.
Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.
Anyone on the same Wi-Fi network can force websites to launch, with no user interaction.
Data exposed included search terms, location coordinates, and device information – but no personal data.
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors on targeted Docker and Kubernetes clusters.
New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates.
Cyberattacks have caused several school systems to delay students' first day back – and experts warn that new COVID-related delays could be the new "snow days."
The malware harvests AWS credentials and installs Monero cryptominers.
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.
U.S. agencies must implement vulnerability disclosure policies by March 2021, according to a new CISA mandate.
KryptoCibule spreads via pirated software and game torrents.
A Tesla employee was reportedly approached by a Russian national and asked to install malware on the company's systems.
While privacy experts praised Apple’s upcoming iOS 14 updates, Facebook said the new features could cut its advertising business in half.
Complaint details collaboration with China to funnel $250m in stolen funds as part of state-sponsored attacks.
Former Cisco employee Sudhish Kasaba Ramesh admitted to accessing Cisco’s cloud infrastructure and deleting 16,000 Webex Teams employee accounts.
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
Up to 61 percent of IATA (International Air Transport Association) airline members also do not have a published DMARC record.
A never-before-seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
App concealed the practice of gathering device unique identifiers using an added layer of encryption.
Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.
The ransomware has surged since moving to a RaaS model.
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.
The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.
A Dutch elected official is among those whose DMs were hijacked, the company said.
With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.
Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more.
Researchers said that the issue is exploitable on Windows 7 and earlier.
The Cerberus malware can steal banking credentials, bypass security measures and access text messages.
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
Admins should patch their Citrix ADC and Gateway installs immediately.
The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts, according to researchers.
The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.
Four-year investigation shuts down EncroChat and busts 746 alleged criminals for planning murders, selling drugs and laundering money.
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.