A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data.
The flaw was found in LinkedIn's widely used AutoFill plugin, which allows approved 3rd-party websites to let LinkedIn members automatically fill in basic information from their profile - such as their name, email address, location, and where they work - as a quick way to sign up to the site or to receive email newsletters.
A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a "Trustjacking" attack.
This feature can be enabled by physically connecting an iOS device to a computer with iTunes and enabling the option to sync over WiFi.
If an attacker gets the targeted user to connect their iPhone/iPad via a cable to a malicious or compromised device, the hacker gains persistent control over the device as long as they are on the same wireless network as the victim.
Cryptocurrency exchange Coinsecure, India's second exchange, announced that it has suffered a severe issue, 438 bitcoin, $3,3M worth of bitcoin, have been transferred from the main wallet to an account that is not under their control. Only the CEO and CSO had private keys to the exchange's main wallet.
The CSO is responsible for the transfer, the company posted two imaged on the websites containing company statement signed by the Coinsecure team and a scanned copy of a police complaint filed by CEO.
The Encrypted Messaging App Signal is Edward Snowden's Favorite App. Leonardo Porpora, a 17-year-old high school student from Italy, discovered an easy to exploit vulnerability in popular encrypted messaging app Signal for iOS that would let malicious hackers bypass the authentication process and access user chats.
Facebook drops yet another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious 3rd-party scrapers have compromised their public profile information.
Mark Zuckerberg at an interview revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide.