Hostrisk

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

favicon

(threatpost.com)

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

favicon

(threatpost.com)

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

favicon

(threatpost.com)

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

favicon

(threatpost.com)

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

Authentication Risks Discovered in Okta Platform

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

favicon

(threatpost.com)

A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web.

Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens

A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web.

favicon

(threatpost.com)

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

Leaky Access Tokens Exposed Amazon Photos of Users

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

favicon

(threatpost.com)

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

Google Warns Spyware Being Deployed Against Android, iOS Users

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

favicon

(threatpost.com)

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.

Facebook Messenger Scam Duped Millions

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.

favicon

(threatpost.com)

Attackers gained access to private account details through an email compromise incident that occurred in April.

Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Attackers gained access to private account details through an email compromise incident that occurred in April.

favicon

(threatpost.com)

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

favicon

(threatpost.com)

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

favicon

(threatpost.com)

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

favicon

(threatpost.com)

In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage.

Protect Your Executives’ Cybersecurity Amidst Global Cyberwar

The importance of protecting executives' personal digital lives during cyberwar. Read more to learn about five safeguards to protect executives and the company.

favicon

(threatpost.com)

One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’

Samsung Screwed Up Encryption on 100M Phones

One cryptography expert said that 'serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics, are 'embarrassingly bad.'

favicon

(threatpost.com)

The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.

Sharp SIM-Swapping Spike Causes $68M in Losses

The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.

favicon

(threatpost.com)

Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.

MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign

Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.

favicon

(threatpost.com)

The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.

QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug

The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.

favicon

(threatpost.com)

The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.

Roaming Mantis Expands Android Backdoor to Europe

The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.

favicon

(threatpost.com)

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.

Attackers Target Intuit Users by Threatening to Cancel Tax Accounts

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.

favicon

(threatpost.com)