Cybersecurity News
G Suite Marketplace primed for a privacy scandal, researchers warn
G Suite apps that have access to Drive and Gmail data found communicating with undisclosed external services.02 June 2020
Amtrak discloses data breach, potential leak of customer account data
The rail service says that customer PII may have been compromised.02 June 2020
VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure
The security flaw handed over the keys to enterprise infrastructure.02 June 2020
Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
Over 7 million records exposed, according to vpnMentor, but app maker says there is no sign of malicious use.01 June 2020
Apple Pays Researcher $100,000 for Critical Vulnerability
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.01 June 2020
White House says security incidents at US federal agencies went down in 2019
US federal agencies reported 28,581 cyber-security incidents in 2019, down by 8% from 31,107 in 2018.01 June 2020
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.01 June 2020
After a breach, users rarely change their passwords, study finds
Only a third of users changed their password following a data breach.01 June 2020
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.01 June 2020
Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw
Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.
01 June 2020
Minneapolis Police Department Hack Likely Fake, Says Researcher
Troy Hunt said that the supposed data breach perpetrated by Anonymous is most likely a hoax.
01 June 2020
Bug in ‘Sign in with Apple’ could have allowed account hijacking
The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000
The post Bug in ‘Sign in with Apple’ could have allowed account hijacking appeared first on WeLiveSecurity
01 June 2020
Hosting Provider’s Database of Crooked Customers Leaked
Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.
01 June 2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.01 June 2020
Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug
User accounts could be hijacked through missing validation processes on Apple servers.01 June 2020
3 things to discuss with your kids before they join social media
What are some of the key things your children should know about before they make their first foray into social media?
The post 3 things to discuss with your kids before they join social media appeared first on WeLiveSecurity
01 June 2020
Joomla team discloses data breach
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.31 May 2020
Hacker leaks database of dark web hosting provider
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.31 May 2020
Career Choice Tip: Cybercrime is Mostly Boring
When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.29 May 2020
Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.29 May 2020