Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams.
Male Chastity Device Comes with Massive Security Flaws
Smart sex toy vulnerable to hacks, researchers say — which could expose users’ most sensitive bits (of data) to cybercriminals.
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
COVID-19 Clinical Trials Slowed After Ransomware Attack
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.
APT Attack Injects Malware into Windows Error Reporting
The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.
Unpatched Apple T2 Chip Flaw Plagues Macs
A researcher claims that the issue can be exploited by attackers in order to gain root access.
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
Black-T Malware Emerges From Cryptojacker Group TeamTNT
The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.
Malware Families Turn to Legit Pastebin-Like Service
AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.