Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

https://threatpost.com/0ktapus-victimize-130-firms/180487/

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

https://threatpost.com/facebook-ios-tracks-anything/180395/

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

https://threatpost.com/risks-okta-sso/180249/

A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web.

https://threatpost.com/hbillion-records/180125/

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

https://threatpost.com/exposed-amazon-photos/180105/

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

https://threatpost.com/google-hermit-spyware-android-ios/180062/

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.

https://threatpost.com/acebook-messenger-scam/179977/

Attackers gained access to private account details through an email compromise incident that occurred in April.

https://threatpost.com/kaiser-permanente-breach/179949/

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

https://threatpost.com/bluetooth-signals-track-smartphones/179937/

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

https://threatpost.com/feds-forced-travel-firms-to-share-surveillance-data-on-hacker/179929/

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

https://threatpost.com/mozilla-security-health-apps-creepy/179463/

In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage.

https://threatpost.com/protect-executives-cybersecurity/179324/

One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’

https://threatpost.com/samsung-shattered-encryption-on-100m-phones/178606/

The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.

https://threatpost.com/sharp-sim-swapping-spike-losses/178358/

Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.

https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/

The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.

https://threatpost.com/quadream-israeli-spyware-weaponized-iphone-bug/178252/

The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.

https://threatpost.com/roaming-mantis-android-backdoor-europe/178247/

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.

https://threatpost.com/attackers-intuit-cancel-tax-accounts/178219/