Threatpost News Wrap Podcast for Nov. 23
From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week's biggest stories.
Source: Threadpost
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones.
Source: Threadpost
Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns
Ryuk, DoppelPaymer, Parinacota and other ransomware groups are getting more sophisticated, Microsoft warns.
Source: Threadpost
Popular Shopping Cart App Plugs Dozens of XSS Vulnerabilities
Researchers found 50 cross site scripting vulnerabilities in the popular open source shopping cart application Zen Cart.
Source: Threadpost
Fraudulent Video Ad Bot Rakes in Close to $5 Million Daily
An cybercrime group from Russia earns $3 million to $5 million daily through defrauding major U.S. websites of video ad revenue.
Source: Threadpost
IBM Settles Lawsuit Over Weather Channel App Data Privacy
The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.
Source: Threadpost
Fresh Spectre Variants Come to Light
The newly-discovered Spectre variants can be exploited to uncover confidential data via microarchitectural side channels in CPUs.
Source: Threadpost
Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Drupal, Typo3 and Joomla are all impacted by the bug.
Source: Threadpost
ProjectSauron APT On Par With Equation, Flame, Duqu
ProjectSauron, an APT attack platform, has been used since 2011 to target critical government, financial and communications organizations in a number of countries.
Source: Threadpost
Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed
The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.
Source: Threadpost