iPhone Zero-Days Anchored Watering-Hole Attacks
A new, highly capable spyware payload can monitor everything in a person’s digital life. Go to Source
Six Hackers Have Now Pocketed $1M From Bug Bounty Programs
Up to 25 percent of valid vulnerabilities found in bug bounty programs are classified as being of high or critical severity. Go to Source
News Wrap: Dentist Offices Hit By Ransomware, Venmo Faces Privacy Firestorm
From new ransomware attacks to privacy issues around Venmo and Ring, Threatpost editors break down the top news of this week. Go to Source
TGI Fridays Delivers Customer Indigestion Over Data Exposure
TGI Fridays Australia restaurant chain warns loyalty reward program member of exposed data incident. Go to Source
FIN6 Switches Up PoS Tactics to Target E-Commerce
The group is using the More_eggs JScript backdoor to anchor its attack. Go to Source
Google Targets Data-Abusing Apps with Bug Bounty Launch
Google is looking to battle the malicious apps – and apps abusing user data – on Google Play by improving its bug-bounty program arsenal. Go to Source
Venmo’s Public Transactions Policy Stirs Privacy Concerns
In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing. Go to Source
Critical Cisco VM Bug Allows Remote Takeover of Routers
CVE-2019-12643 has been given the highest possible severity rating. Go to Source
Elderly China Chopper Tool Still Going Strong in Multiple Campaigns
Multiple actors in multiple campaigns are using the web shell for remote access, even though it’s almost a decade old and hasn’t been updated. Go to Source
TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs
TrickBot malware targets users of U.S. mobile carriers Verizon, T-Mobile and Sprint via web injects to steal their PIN codes; enabling SIM swapping attacks. Go to Source