Cloud Leak Exposes 320M Dating-Site Records
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
Source: Threatpost
TikTok Fixes Flaws That Opened Android App to Compromise
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
Source: Threatpost
Magecart Attack Impacts More Than 10K Online Shoppers
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, possibly the result of a zero-day exploit.
Source: Threatpost
APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
Source: Threatpost
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Source: Threatpost
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
Source: Threatpost
WordPress Plugin Flaw Allows Attackers to Forge Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
Source: Threatpost
Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns
Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.
Source: Threatpost
Razer Gaming Fans Caught Up in Data Leak
A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.
Source: Threatpost
Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks
The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.
Source: Threatpost