Meta warns 1M Facebook users that their account info may have been stolen by 400+ apps on the App Store and Google Play that have a “Login with Facebook” button
delete them now Priya Singh / BGR India : Meta warns against Android, iOS apps for stealing users' Facebook password Justin Luna / Neowin : Meta warns Facebook users about password-stealing Android an...
Apple releases iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1 to fix a WebKit flaw that may have been actively exploited, its third zero-day patch in 2022
Friday, February 11, 2022 // (IG): BB //Weekly Sponsor: BLKTRIANGLE Pieter Arntz / Malwarebytes Labs : Update now! Apple fixes actively exploited zero-day Ravie Lakshmanan / The Hacker News : Apple Re...
CISA Director Jen Easterly says the Log4j flaw likely affects hundreds of millions of devices and may be the most serious bug she has seen in her career
A vulnerability in a widely used Apache library … Ncsc-Nl / GitHub : Log4j overview related software Kyle Alspach / VentureBeat : Log4j exploits attempted on 44% of corporate networks; ransomware payl...
Researcher discloses three iOS zero-days, says they were reported to Apple before May 4 and are still exploitable in iOS 15 after Apple failed to fix them
what you need to know Mahit Huilgol / iPhone Hacks : Apple Reportedly Fails to Patch Multiple iOS 15 Zero-Day Vulnerabilities First Reported in March Pierluigi Paganini / Security Affairs : Researcher...
Researchers find 1,000+ web apps, from Ford, American Airlines, and others, mistakenly exposed 38M records stored on Microsoft's Power Apps service
Including Contact-Tracing Info Keumars Afifi-Sabet / IT PRO : Microsoft Power Apps misconfiguration exposes 38 million records James Vincent / The Verge : Check your permissions: default settings in M...
FireEye and networking company Pulse Secure say two China-linked hacking groups used a flaw in its VPN devices to target customers in the US defense industry
Exploitation of Pulse Connect Secure Vulnerabilities — Summary Department of Homeland Security : Emergency Directive 21-03 — Mitigate Pulse Secure Product Vulnerabilities CNN : Suspected Chinese h...
FireEye releases a free tool that audits networks to determine whether certain techniques, known to be employed by SolarWinds hackers, were used
Focusing on UNC2452 TTPs Lily Hay Newman / Wired : The SolarWinds Hackers Used Tactics Other Groups Will Copy Zeljka Zorz / Help Net Security : Malwarebytes was breached by the SolarWinds attackers Al...
California passes landmark bill that requires gig economy workers to be treated as employees, going into effect Jan 1, affecting companies like Uber and Lyft
what's next? Mathew Katz / Digital Trends : Uber says drivers aren't an essential part of its business Danielle Abril / Fortune : Uber, Lyft, and Other Gig Economy Companies Push Back on New Californi...
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12
In the earlier posts we examined … Ryan Whitwam / ExtremeTech : Google Discovered Malicious Websites Used to Hack iPhones for Years Jon Porter / The Verge : Google reveals major iPhone security flaws ...
Amazon announces 5.5-inch Echo Show 5 that's shipping in July for $89.99, launches new Alexa commands to delete what you just said or everything you said today
Compact Design, Rich Sound, and Built-In Camera Shutter—Just $89.99 Adam Clark Estes / Gizmodo : Amazon Attempts to Improve Alexa Privacy, Hilariously Fails Jay Greene / Washington Post : Amazon adds ...