Facebook Debuts Bug-Bounty ‘Loyalty Program’
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports — which will dictate new bonus percentages.
Facebook...
Fitbit Spyware Steals Personal Data via Watch Face
Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.
A wide-open app-building API would allow an attacker to build a malicious...
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison
By: Swati Khandelwal
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States...
Beware: New Android Spyware Found Posing as Telegram and Threema Apps
By: Ravie Lakshmanan
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and...
Common bugs make anti-virus solutions vulnerable to exploitation
By:
Teri Robinson
The very anti-malware solutions meant to protect organizations for things like increasing privilege can be...
Phishing scam lures employees by teasing secrets of Trump COVID diagnosis
By:
Bradley Barth
A go-to strategy among cyberattackers is developing phishing lures based on timely news events. Sure...
Is Your Organization Protected Against IAM Misconfiguration Risks?
In the latest edition of the Unit 42 Cloud Threat Report, our researchers explore the cloud threat landscape with a deep focus on identity and access management (IAM) misconfiguration...
3 Simple Techniques to Add Security Into the CI/CD Pipeline
I propose that there are three fundamental and concrete practices DevOps and security teams can adopt to add security into the CI/CD pipeline and secure critical applications, involving:
Infrastructure-as-Code (IaC).
Kubernetes...
Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce
Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.Since the onset of the pandemic,...
Critical Zerologon Flaw Exploited in TA505 Attacks
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.Microsoft has observed new threat activity exploiting the critical...
