Facebook has disclosed that roughly 5,000 third-party app developers were able to access personal details from accounts that had been inactive for more than 90 days, breaking the guidelines the company established after the Cambridge Analytica crisis in 2018. The company says it has fixed the issue and is adding new policies to its developer platform regarding third-party sharing and safeguarding of user data.
Microsoft has issued emergency updates for two vulnerabilities in the Windows Codecs Library that could give cybercriminals remote access. Typically the company issues fixes on the second Tuesday of every month, but these patches were released outside that cycle after a security researcher flagged them.
Apple's recent series of patent applications titled "Providing Verified Claims of User Identity" reveals the company is working on technology in which a device can be used to store, verify and transmit a user's personal identification, which in theory could make physical IDs such as passports and driver licenses obsolete. The system would work by verifying the user through biometric sensors on devices, such as an Apple Watch, and then securely transmitting the ID.
Lenovo has launched its Virtual Care service to help doctors manage chronically ill patients through home kits that include biometric devices to measure blood pressure and glucose levels and a Lenovo tablet programmed with "Rosie," a smart assistant that guides patients through their customized health plans. The monitoring service is intended to allow patients and doctors to communicate quickly and more efficiently, ultimately decreasing the number of in-person visits.
Nearly 133 million user records from 14 company databases have been posted for sale on a hacker forum, all containing usernames and hashed passwords. The compromised companies span various industries, including online gaming, fashion, sports streaming, finance and food delivery, and indications point to the Shiny Hunters group as the perpetrator.
Xerox appears to be one of the latest targets of Maze ransomware operators, who reportedly made off with 100 GB of the company's data. Xerox isn't commenting, but the hackers are threatening to publish the data if ransom demands are not met, and they have posted screenshots of some of the material.
The newly documented Mac ransomware EvilQuest, which has been renamed ThiefQuest, may be more destructive than was first thought, with spyware capabilities that could be used to search for passwords and financial data, run a powerful keylogger and stage subsequent attacks. The malware is being delivered via torrent sites bundled with brand-name software, researchers say.
E-commerce platform Magento 1 is no longer supported by Adobe, leaving the platform -- already a popular target for Magecart attacks -- vulnerable to further intrusions. Adobe is encouraging Magento site owners to upgrade to Magento 2.