Hostrisk

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.

https://threatpost.com/vpn-exposes-data-1m/175612/

Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.

https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.

https://threatpost.com/incident-response-infosec-legal-relationship/175461/

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more.

https://threatpost.com/twitch-source-code-leaked/175359/

The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients.

https://threatpost.com/compound-defi-platform-90m/175321/

A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.

https://threatpost.com/transnational-fraud-military-members/175298/

A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.

https://threatpost.com/finspy-surveillance-kit/175068/

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.

https://threatpost.com/women-minorities-hacked/175038/

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.

https://threatpost.com/google-controversial-geofence-warrants/174938/

“Time to find out who in your family secretly ran … [a] QAnon hellhole,” said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.

https://threatpost.com/epik-confirms-hack-data/174872/

Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.

https://threatpost.com/amazon-driver-surveillance-cameras/174843/

The FTC’s first spyware ban nixes a company whose “slipshod” security practices led to exposure of thousands of victims’ illegally collected personal data.

https://threatpost.com/spyfone-ban-stalkerware-surveillance/169165/

The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.

https://threatpost.com/protonmail-log-ip-address-french-activist/169242/

Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.

https://threatpost.com/bladehawk-attackers-kurds-android/169300/

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.

https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/