On Jan. 4, 2018, Facebook CEO Mark Zuckerberg posted his New Year’s resolution, vowing to fix Facebook’s various issues with abuse, election interference and misinformation campaigns. But a timeline of events since then shows a bevy of Facebook security and data privacy issues. In February 2018, Facebook was found guilty in German and Belgian courts

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail,

Open source and information security applications go together like peanut butter and jelly. The transparency provided by open source in infosec applications — what they monitor and how they work — is especially important for packet sniffer and intrusion detection systems (IDSes) that monitor network traffic. It may also help explain the long-running dominance of

Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that’s about one month’s revenue for the social media giant. To be clear the amount of fine is not what the FTC has announced or hinted yet; instead,

Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems

Best practices — we all know they’re important. Most of the time, they’re static guidelines on how to design or implement systems. But in terms of email security, best practices for employees are almost always a combination of steps taken by security architects and a set of desired behaviors for an organization’s email system end

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support

A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on

Threat intelligence firm Flashpoint said dark web threats are evolving, and the company has a plan to give enterprises better visibility into such threats. The New York-based cybersecurity vendor introduced on Wednesday a new version of its Flashpoint Intelligence Platform to keep enterprise security teams better informed about dark web threats and new threat actor

U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a “geofence” warrant, authorities obtain location history of

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more

An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified. Founded over two decades

BOSTON — Forcepoint believes it’s time for a more human-centric cybersecurity approach, and the company made a major investment to accelerate that vision. Forcepoint this week opened its new Cyber Experience Center, a 53,000-square-foot facility in Boston’s Seaport district. The center is designed educate enterprises about their current security challenges as well as promote a

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was designed to display content and notifications on the Start screen,

Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users’ email accounts to unauthorizedly and secretly

A white-hat hacker found a way to get into the French government’s newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities. Dubbed “Tchap,” the end-to-end encrypted, open source messaging app has been created by the French government with an aim

Facebook late last month revealed that the social media company mistakenly stored passwords for “hundreds of millions” of Facebook users in plaintext, including “tens of thousands” passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that

Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party

Microsoft warned users of its web email services that accounts may have been compromised, and some sensitive data may have been accessed. Beginning late Friday, Microsoft sent email messages to users of Outlook, Hotmail and MSN Mail, alerting them that an unauthorized third party gained partial access to Microsoft-managed accounts between Jan. 1 and March

Even after Google’s security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers’ existing accounts, is enough for ‘bad-faith’ developers to trick the Play

It’s no secret that Google tracks you everywhere, even when you keep Google’s Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude. According to Google, the company

Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix’s website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys

Zero trust may seem like just another security buzzword, but organizations are increasingly finding reasons to take the zero trust approach to network security. In the early days of the internet, network security professionals borrowed medieval terminology to describe network defenses: Moats, bastion hosts, perimeters, firewalls and gateways all figured into the network defender’s vocabulary.

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country’s controversial Data Localization law. It’s bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video editing and converting app with

As endpoint threats become more sophisticated and abundant, so does the need for more advanced endpoint security tools. An organization can improve the security of its endpoints — including laptops, desktop PCs, mobile devices and servers in the data center — by using software that can rapidly detect, analyze, block and contain in-progress attacks. These

It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using

Good morning readers, it’s Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory,