TikTok Launches Bug Bounty Program Amid Security Snafus
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
Critical Magento Holes Open Online Shops to Code Execution
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft
In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.
Zoom Rolls Out End-to-End Encryption After Setbacks
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
Companies that use Broadvoice’s cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.
Barnes & Noble Hack: A Reading List for Phishers and Crooks
Customers’ lists of book purchases along with email addresses and more could have been exposed — and that’s a problem.
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.
IAmTheKing and the SlothfulMedia malware family
On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. In June 2018, we published the first…
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.