Twitter has advised all its 330 million users to change their passwords after a software 'glitch' unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.
The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.
Twitter has admitted that user passwords were briefly stored in plaintext and may have been exposed to the company's internal tools.
LoJack, a software tool designed to rat on computer thieves, appears to be serving a double purpose - seemingly working with a Russian state - sponsored hacking team.
The application allows administrators to remotely lock and locate, and remove files from, stolen personal computers. It's primarily aimed at corporate IT types who want to protect stuff that gets nicked, but anyone can use it.
Just recently, several LoJack agents were found to be unexpectedly connecting to servers that are believed to be controlled by the notorious Russia-linked Fancy Bear APT group.
Yahoo has been fined $35M by US financial watchdog, the SEC, for failing to tell anyone about one of the world's largest ever computer security breaches.
Now known as Altaba following its long, slow and painful descent in irrelevance, Yahoo! knew that its entire user database: including billions of usernames, email addresses, phone numbers, birthdates, passwords, security questions; had been grabbed by Russian hackers back in 2014, just days after the break-in occurred.
A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data.
The flaw was found in LinkedIn's widely used AutoFill plugin, which allows approved 3rd-party websites to let LinkedIn members automatically fill in basic information from their profile - such as their name, email address, location, and where they work - as a quick way to sign up to the site or to receive email newsletters.
A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a "Trustjacking" attack.
This feature can be enabled by physically connecting an iOS device to a computer with iTunes and enabling the option to sync over WiFi.
If an attacker gets the targeted user to connect their iPhone/iPad via a cable to a malicious or compromised device, the hacker gains persistent control over the device as long as they are on the same wireless network as the victim.