Bumble bugs could have exposed personal data of all users

The information at risk of theft due to API flaws included people’s pictures, locations, dating preferences and Facebook data. Security vulnerabilities in Bumble, one of today’s most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs – which affected Bumble’s application programming interface (API) and stemmed … More Bumble bugs could have exposed personal data of all users

ESET removes Social Media Scanner from product portfolio due to restrictions on third-party API applications

ESET, a global leader in cybersecurity, has removed the ESET Social Media Scanner from its product portfolio. The API-based application was initially designed to protect users from malicious content distributed through Facebook, Twitter and VKontakte and sat alongside ESET’s software solutions. Due to increased restrictions on third-party API applications, the removal of Facebook protection and … More ESET removes Social Media Scanner from product portfolio due to restrictions on third-party API applications

Flaws in smart car alarms exposed 3 million cars to hijack

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix. Two smart alarm systems for cars have plugged critical security holes that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals. If exploited, the vulnerabilities would have enabled anyone to turn the alarm … More Flaws in smart car alarms exposed 3 million cars to hijack

Twitter patches bug that may have spilled users’ private messages

The flaw affected one of the platform’s APIs between May 2017 and September 10 of this year, when it was patched “within hours”. Twitter has fixed a bug that is believed to have shared Direct Messages (DMs) and protected Tweets of some users with developers who were not authorized to access that information. According to the … More Twitter patches bug that may have spilled users’ private messages

PowerPool malware exploits ALPC LPE zero-day vulnerability

Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no … More PowerPool malware exploits ALPC LPE zero-day vulnerability