Photo booth flaw exposes people’s private pictures online
Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...
Advance Auto Parts customer data posted for sale
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. Allegedly the customer data includes: Names, Email...
New Zero-Click Exploits against iOS
Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group's Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apple's Lockdown Mode, part of iOS 16...
Mailchimp breach feels like deja vu
A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On January 11, the Mailchimp Security team identified an unauthorized actor...
Snapchat gives Californians more power over their personal data
There's a new toggle switch in Snapchat that, once enabled, limits the use of sensitive personal information. TechCrunch reports that the switch is a new privacy feature Snapchat will be rolling out to comply with the California Privacy Rights Act (CPRA), also known as Proposition 24. The act, whic...
Criminals are applying for remote work using deepfake and stolen identities, says FBI
The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfakes and stolen PII (personally identifiable information). A deepfake is essentially created or modified media (image, video, or audio), often produced with the help of artificial intelligence (AI) and machine...
Apple Disables Walkie-Talkie App Due to Eavesdropping Flaw
Apple has temporarily disabled the Walkie-Talkie feature on the Apple Watch due to a vulnerability that could allow potential attackers to eavesdrop on iPhone calls, a TechCrunch report said. The Apple Watch Walkie-Talkie app allows users to converse with friends in real time, without having...
techcrunch.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-625390

Description | Value
---|---
Affected Website: | techcrunch.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | hidd...
Unicode Technique Used to Deliver Cryptomining Malware Through Telegram
Attackers are using the time-tested right-to-left override technique to deliver cryptomining malware through the popular Telegram messaging application, say researchers. The right-to-left override (RLO) technique uses the Unicode control character U+202E to hide the true extension of malicious file names and trick users into executing what appear to be beni...
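The RLO trick works because a file named, for example, `invoice[U+202E]fdp.exe` is rendered by a bidi-aware file manager as `invoiceexe.pdf` while the operating system still launches it as an `.exe`. The following detector is an added example, not code from the article or the researchers it cites: it flags file names containing Unicode bidirectional control characters, approximates how the name would be displayed, and reports when the displayed extension disagrees with the real one. The sample names are constructed for the example; the display model reverses only the run after an RLO (up to a Pop Directional Formatting character), which is a deliberate simplification of the full Unicode bidi algorithm.

```python
"""Flag file names that use Unicode bidi controls (e.g. RLO, U+202E) to spoof
their extension. Added example; not from the original page."""

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(name):
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def true_extension(name):
    """Extension the OS actually uses: text after the last dot, with the
    invisible control characters removed."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    return stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""


def display_form(name):
    """Approximate what a bidi-aware viewer shows.

    Simplified model (assumption, not the full bidi algorithm): characters
    after an RLO are displayed reversed until a PDF (U+202C) or end of string;
    other control characters are invisible and dropped.
    """
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif c in BIDI_CONTROLS:
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def classify(name):
    """Describe a file name: controls found, how it displays, and whether the
    displayed extension differs from the real one."""
    controls = find_bidi_controls(name)
    shown = display_form(name)
    real = true_extension(name)
    apparent = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    return {
        "name": name,
        "has_bidi_controls": bool(controls),
        "controls": controls,
        "displayed_as": shown,
        "real_extension": real,
        "apparent_extension": apparent,
        "extension_spoofed": bool(controls) and real != apparent,
    }


def suspicious_names(names):
    """Return the subset of names whose extension is spoofed by bidi controls."""
    return [n for n in names if classify(n)["extension_spoofed"]]


# Constructed sample file names (hypothetical; not from any real campaign).
SAMPLES = [
    "invoice\u202efdp.exe",   # shown as "invoiceexe.pdf", executed as .exe
    "report.pdf",             # clean
    "photo\u202egnp.scr",     # shown as "photorcs.png", executed as .scr
]

if __name__ == "__main__":
    for n in SAMPLES:
        info = classify(n)
        flag = "SPOOFED" if info["extension_spoofed"] else "ok"
        print(f"{flag:8} shown={info['displayed_as']!r} real_ext={info['real_extension']}")
```

In a mail or chat gateway the same check belongs on attachment names before they reach a user; a stricter policy simply rejects any file name containing a character from BIDI_CONTROLS, since legitimate attachments almost never need them.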
Android developer said 'F-Secure can say that anything is malware'
As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware. According to the latest Mobile Threat Report from F-Secure, Android malware continued to gain in share i...
Google Flaw Allowed Easy 'E-mail Harvesting'
An issue with Google Apps over the weekend sent the company scrambling to fix a hole in its Script API. The problem allowed a specific domain to harvest the e-mail addresses of anyone who visited the site while logged into their Google account, according to a report on InfoSecurity. After visitin...
TechCrunch Europe Was Hacked
TechCrunch Europe has cleaned up its website following the discovery of malicious code that left visiting surfers exposed to infection by a variant of the infamous Zeus banking Trojan. The Register...
Joomla Jobs Pro Blind SQL Injection Vulnerability
Name: Joomla Jobs Pro BSQLi Vulnerability
Date: July 6, 2010
Critical Level: HIGH
Vendor URL: http://www.instantphp.com/
Price: $105.00
Author: Sid3^effects aKa HaRi
Special thanks to: r0073r inj3ct0r.com, L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger gree...
Facebook Security Hole Exposes Live Chat, Private Data
The problems with security and privacy on Facebook hit a new gear today with news that a web site vulnerability exposed live chat sessions and other private user data. According to a TechCrunch Europe report, the gaping security hole on the Facebook site allowed any user to view the live chat...
TechCrunch Compromised, Defaced
Popular technology site TechCrunch was hit by potty-mouth hackers late on Monday, leaving the site temporarily unavailable. A notice on TechCrunch.com's front page on Tuesday morning explains that "TechCrunch.com was compromised by a security exploit". The Register...