Popular Android Zombie game phish users to steal Gmail credentials

By Waqas The app made its way to Google Play Store was also found phishing users for Facebook credentials. Scary Granny ZOMBY Mod: The Horror Game 2019 is the latest game on Google Play Store that is condemned by the digital security fraternity for sneakily stealing personal data from unsuspectin...

The not so ultra lock

This post couldn't have been written without @evstykas and @cybergibbons. I became aware of the Ultraloq from U-tec a few months ago. For a room door lock it has a range of what look like really good features: Ultraloq UL3 smart lever lock is designed to be "Real Keyless". You are free to use...

Vercel: User personal data disclosure via API

Summary: As a normal user, the API allows me to obtain information about other users by passing their email address as a query parameter which then returns their name, username, uid, avatar hash, and email in the HTTP response body. Under GDPR regulations this information disclosure is categorize...

Facebook Faces Lawsuit Over Massive 2018 Data Breach

Facebook lost a key court ruling last week and now must face a lawsuit tied to a data breach of its platform disclosed in 2018, which impacted nearly 30 million of its users. The data breach, first disclosed by Facebook in September 2018, directly impacted the access tokens of 30 million accounts...

Match, Tinder Swipe Right For Privacy Red Flags, Say Experts

Over 70 percent of subscribers across Match.com express concern about the amount of data they share with the platform, according to a ProPrivacy.com survey. But despite those concerns, users of the service do it anyway and also remain unaware of just how much data the company collects and how the...

DEBIAN-CVE-2019-12497

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...

UBUNTU-CVE-2019-12497

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...

Hackers Are After Your Personal Data – Here’s How to Stop Them

Our lives are increasingly digital. We shop, socialize, communicate, watch TV and play games — all from the comfort of our desktop, laptop, or mobile device. But to access most of these services we need to hand over some of our personal data. Whether it’s just our name and email address or more...

News Wrap: Amazon Privacy and Telegram DDoS Attack

Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...

Online graphic-design tool Canva hacked; 139 million accounts stolen

By Uzair Amir Canva has contacted the FBI to investigate the data breach. Canva, an online graphic-design tool website operated from Australia has suffered a massive data breach in which personal data of over 139 million registered users has been stolen - The breach took place on Friday, May 24...

Snapchat Privacy Blunder Piques Concerns About Insider Threats

Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. According to a Thursday Motherboard report...

U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang 王 福 杰 and another hacker named John Doe...

Freedom Mobile leaked millions of card data with CVV codes in plain text

By Uzair Amir The company claims it does not share user data with others but looks like it does. Another day, another data breach; this time an unprotected database has been discovered leaking personal and financial data of millions of Canadians. Identified by researchers at vpnMentor along with...

Lenovo Watch app has multiple vulnerabilities

Shenzhen Personal Data Management Service Co., Ltd. is for analyzing and mining the value behind personal habits, preferences, and health, and becoming a scene service and content operator based on personal data. The Lenovo Watch app has multiple vulnerabilities that can be exploited by attackers...

Unprotected Database Exposes Personal Info of 80 Million American Households

A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Loca...

Unprotected Database Exposes Personal Info of 80 Million American Households

A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Loca...

Facial Recognition is Here: But Are We Ready?

When MacKenzie Fegan was boarding her morning flight to Mexico City last Wednesday, she noticed something odd at her gate at the JFK International Airport. Instead of a JetBlue employee scanning her boarding pass or taking a look at her passport, she – and other passengers at the gate – was...

Bodybuilding.com suffers data breach; issues password reset for all users

By Uzair Amir Bodybuilding.com will contact all former and current users - The website has over seven million registered users. The world-renowned fitness platform Bodybuilding.com has suffered a data breach in which personal data of registered users has been accessed. The breach was identified i...

Insecure Ride App Database Leaks Data of 300K Iranian Drivers

A researcher has discovered that over a quarter-million drivers of the Iranian ride hailing app Tap30 have had their data left publicly exposed in an insecure database. Tap30 is an online taxi application, similar to Uber, that connects users to drivers through the mobile app and the corporate...

Never Forget That You Are Being Watched

By David Balaban What data do Facebook, Google, and mobile apps collect, do mobile carriers listen to your calls? Read this post and find answers to these and other privacy questions as well as get tips on how to protect your personal data. It has become known that information about 257,000...