Cyberscoop
Facebook bug gave developers access to private photos of 6.8 million usersFacebook said Friday that a bug on its platform exposed 6.8 million users’ private photos to developers for 12 days in September. The flaw was in Facebook’s photo API, the company said, and accidentally gave developers access to private photos. The API should only allow authorized applications to access public photos on users’ timelines. “In this…
Shamoon resurfaces, targeting Italian oil companyResearchers are trying to make sense of an apparent reprisal of Shamoon, a piece of malware known for high profile attacks targeting oil and gas computer systems. Saipem, an Italian oil services company, confirmed Wednesday it was infected with a variant of the notorious virus, resulting in an outage. The attack shut down more than 300…
Can’t hack? You can buy the tools on the dark web insteadYou don’t have to be a hacker to hack. Much like legitimate businesses must pay for the various inputs that make up their offerings, cybercriminals rely on products and services — some legitimate and some purchased on the dark web — to conduct their operations. A report published Friday by Deloitte, titled “Black Market Ecosystem:…
Fifth Domain Cyber
Hackers are making their attacks look like they came from the Chinese governmentBecause Chinese hackers often use publicly available tools for their operations, it is easy to mimic their signature viruses.
Does IT compliance mean good cybersecurity? Experts disagree.The NIST guidelines are at the center of a debate about how — and if — the United States government and American businesses can protect sensitive data
Legal Technology News
Threatpost
Electric Vehicle Charging Stations Open to IoT AttacksFlaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire.
WordPress 5.0 Patched to Fix Serious BugsOne bug accidentally allowed Google to index user passwords.
Facebook Flaw Exposes Private Photos for 6.8M UsersThe bug allowed 1,500 apps built by 876 developers to view users' unposted "draft" photos.
Logitech Keystroke Injection Flaw Went Unaddressed for MonthsThe flaw allows a remote attacker to gain full access over a machine.
Save the Children Federation Duped in $1M ScamA business email compromise campaign cost the Save the Children Federation $1 million.
Bomb Threat Bitcoin Demands Cause Disruption, EvacuationsAn email campaign is demanding large sums of money in return for not blowing up schools, banks and businesses.
Grammarly Launches Public Bug Bounty ProgramThe online spell check platform is taking its private bounty program public in hopes of outing more threats.
Secure Critical Infrastructure Top of Mind for U.S.Attacks targeting critical infrastructure system are ramping up - and defense has become a top priority for the U.S. government.
Google Beefs Up Android Key Security for Mobile AppsChanges to how data is encrypted can help developers ward off data leakage and exfiltration.
Shamoon Reappears, Poised for a New Wiper AttackOne of the most destructive malware families ever seen is back, and researchers think its authors are gearing up to again take aim at the Middle East.
Android Trojan Targets PayPal UsersThe trojan purports to be a battery optimization app - and then steals up to 1,000 euro from victims' PayPal accounts.