Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
Автор: Elizabeth Montalbano, Contributing Writer
20 Million Trusted Domains Vulnerable to Email Hosting Exploits
Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.
‘BadPack’ APK Files Make Android Malware Hard to Detect
Manipulated header info within files, in mobile Trojans like TeaBot and others, makes it difficult for defenders to analyze and detect them.
Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks
The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.
FishXProxy Phishing Kit Outfits Cybercriminals for Success
A new end-to-end toolkit circulating on the Dark Web significantly lowers the barrier to entry for creating sophisticated campaigns that can avoid most traditional security detection and protection systems.
Poco RAT Burrows Deep Into Mining Sector
The novel malware targets Spanish-speaking users via malicious Google Drive links, and taps a popular C++ library to evade detection.