Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
Facebook said it has suspended and banned tens of thousands of apps on its platform after its investigation, launched after Cambridge Analytica, into how they collect and use data.
Threatpost
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.
News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.
Mattress Company Leaks Data Records of 387K Customers
A database lacking password protection exposed sensitive data of customers of Milwaukee-based mattress company Verlo Mattress.
Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal
Eight cities have been hit by a data breach targeting payment cards.
Microsoft Silent Update Torpedoes Windows Defender
Microsoft broke its built-in antivirus utility, thanks to a patch for a different issue.
These Hacks Require Literally Sneaking in the Backdoor
An on premise hacker can cripple even the best cybersecurity defenses.
Smart TVs, Subscription Services Leak Data to Facebook, Google
Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.
Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’
Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.
IRS Emails Promise a Refund But Deliver Botnet Recruitment
The fake emails direct victims to log into a bogus IRS site.
Rethinking Responsibilities and Remedies in Social-Engineering Attacks
The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.
Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic
The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.
Edward Snowden Sued by U.S. Over New Memoir
The U.S. is attempting to seize any assets related to Edward Snowden's new memoir, Permanent Record.
New! RFP Template for Selecting EDR/EPP and APT Security
Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.
Massive Gaming DDoS Exploits Widespread Technology
The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, which is found "everywhere."
Malware Moves: The Rise of LookBack – And Return of Emotet
The malware landscape is constantly changing; including a rise in a new malware called LookBack, as well as anticipation over the return of the Emotet and Retefe malware families.
Panda Threat Group Mines for Monero With Updated Payload, Targets
Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.
AMD Radeon Graphics Cards Open VMware Workstations to Attack
Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM.
Cisco Extends Patch for IPv6 DoS Vulnerability
The bug was first found in 2016.
Google Calendar Settings Gaffes Exposes Users’ Meetings, Company Details
A configuration setting in Google Calendars does not sufficiently warn users that it makes their calendars public to all, a researcher argues.
The First Stop For Security News
Subscribe to Threatpost feed