Author Archives: Lindsey O'Donnell

Facebook Flaw Exposes Private Photos for 6.8M Users

The bug allowed 1,500 apps built by 876 developers to view users' unposted "draft" photos.

Secure Critical Infrastructure Top of Mind for U.S.

Attacks targeting critical infrastructure system are ramping up - and defense has become a top priority for the U.S. government.

Android Trojan Targets PayPal Users

The trojan purports to be a battery optimization app - and then steals up to 1,000 euro from victims' PayPal accounts.

Operation Sharpshooter Takes Aim at Global Critical Assets

Operation Sharpshooter uses a new implant to target mainly English-speaking nuclear, defense, energy and financial companies.

Supply Chain Security: Managing a Complex Risk Profile

Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain.

Data Privacy Issues Trigger Soul Searching in Tech Industry

Consumers are growing angry when it comes to data misuse - but the real change will need to come from the tech industry's culture when it comes to privacy.

Biometrics: Security Solution or Issue?

Issues still exist when it comes to securing biometrics.

Google Accelerates Google+ Shutdown After New Bug Discovered

The consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.

Sextortion Emails Force Payment via GandCrab Ransomware

Emails say they contain a link with screenshots of victims' compromising activity. In reality, the link executes ransomware.

Volkswagen Giveaway Scam Peddles Ad Networks

The scam is spread via Facebook and WhatsApp messages.

ThreatList: Gift Card-Themed BEC Holiday Scams Spike

Watch out for emails about gift cards and corporate donations, researcher warn.

Australia Anti-Encryption Law Triggers Sweeping Backlash

A newly-passed Australian law could allow the government to force tech companies to create backdoors in their products.

Microsoft Calls For Facial Recognition Tech Regulation

Microsoft and the AI Now Institute are both calling for regulation as facial recognition software picks up popularity.

Facebook Defends Data Policies On Heels of Incriminating Internal Docs

The company allegedly tried to hide away new policy changes that would collect Android app users' call and message logs.

White House Facial Recognition Pilot Raises Privacy Alarms

The facial recognition pilot will identify “subjects of interest" around the White House.

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign

Adobe issued a patch for the zero-day on Wednesday.

Adobe Patches Zero-Day Vulnerability in Flash Player

The vulnerability could lead to arbitrary code execution.

Google Chrome 71 Touts 43 Fixes, Fights Ad Abuse

The browser comes with a new set of protections to block pop-ups that could lead to 'abusive experiences.'

Magecart Group Ups Ante: Now Goes After Admin Credentials

The group's skimmer has added some capabilities that steals credentials from admins.

iOS Fitness Apps Robbing Money From Apple Victims

The two apps, “Fitness Balance App” and “Calories Tracker app,” were tricking users into payments of $120.

YouTuber PewDiePie Promoted Via 50K Hacked Printers

The incident sheds light on just how insecure printers are.

Podcast: Breaking Down the Magecart Threat (Part Two)

In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.

Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs

The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.

2014 Marriott Data Breach Exposed, 500M Guests Impacted

The hackers had access to the impacted database since 2014.

Critical Zoom Flaw Lets Hackers Hijack Conference Meetings

Hackers can spoof messages, hijack screen controls and kick others out of meetings.

Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack

The donut giant first noticed the attack Oct. 31.

Dell Warns of Attempted Breach on Network

The company said it has reset passwords for all Dell.com customers.

Microsoft Warns of Two Apps That Expose Private Keys

The two apps are created by headset software company Sennheiser HeadSetup.

Cisco Re-Issues Patch For High-Severity WebEx Flaw

The patch addresses a flaw in Cisco's WebEx platform that lets hackers gain elevated privileges.

Widespread Malvertising Campaign Hijacks 300 Million Sessions

Researchers say the bad actor behind the malvertising campaign is still active.

Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions

A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October.

Threatpost News Wrap Podcast for Nov. 23

From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week's biggest stories.

Podcast: Breaking Down the Magecart Threat (Part One)

In the first part of our podcast series, we talked to Rapid7's chief data scientist about how Magecart has changed.

Podcast: Why ‘Throwing Money’ at Threats Won’t Work

How can businesses create an effective cyber defense strategy? It starts with defining success, an expert tells us.

Gmail Glitch Enables Anonymous Messages in Phishing Attacks

A glitch in the UX in Gmail allows the “from” field to be forged so there is no sender listed in the email's header.

VisionDirect Blindsided by Magecart in Data Breach

Researchers say the Magecart threat group skimmed data of VisionDirect customers using fake Google Analytics scripts.

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers took advantage of an unpatched Drupal vulnerability in the organization's website to launch a cryptojacking attack.

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

The issue comes from how Gmail automatically files messages into the "Sent" folder.

Lock-Screen Bypass Bug Quietly Patched in Handsets

The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost.

Siemens Patches Firewall Flaw That Put Operations at Risk

The industrial company on Tuesday released mitigations for eight vulnerabilities overall.

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Overall, the company released only three patches as part of its regularly-scheduled November update.