News
  • "Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward"
    Apple has launched new privacy labels for iOS and macOS App Stores to increase the transparency of apps' data collection. The labels are considered nutrition facts for apps in that they provide details to users about what data is collected and accessed…
  • "Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure"
    Researchers at Armis found that thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and the internet of things (IoT). Even though there are patches out…
  • "DHS CISA Alerts to Medtronic MyCareLink Medical Device Flaws"
    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) released an alert about vulnerabilities found in Medtronic MyCareLink (MCL) medical devices. The vulnerabilities were discovered by the Internet of Things (…
  • "HackerOne, Verizon Weigh Pros and Cons of Making Live Hacking Contests Virtual"
    One of the effects of the COVID-19 pandemic is the change of live hacking events from being hosted in-person to being held virtually. Due to the pandemic, Verizon Media, in collaboration with HackerOne, had to hold two hacking events online. They both…
  • "New Windows Trojan Steals Browser Credentials, Outlook Files"
    Researchers with Palo Alto's Unit 42 research team have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities. The trojan is called PyMicropsia (due to it being built…
  • "Phishing Campaign Uses Outlook Migration Message"
    Researchers at Abnormal Security have released details about an ongoing phishing campaign aimed at harvesting users' Office 365 credentials. The phishing emails in the campaign are designed to appear as if they were sent from the IT department…
  • "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"
    An analysis of 95 COVID-19 contact-tracing apps conducted by the mobile security firm Guardsquare revealed that 40% did not use the official API of the Exposure Notifications protocol created by Apple and Google to protect user privacy and security. The…
  • "Ad-Injecting Malware Hijacks Chrome, Edge, Firefox"
    The Microsoft 365 Defender Research Team has issued a warning about ad-injecting malware called Adrozek. According to Microsoft, cybercriminals have been distributing Adrozek malware since May 2020, with its peak occurring in August when more than 30,000…
  • "Researchers Warn of Security Vulnerabilities in These Widely Used Point-of-Sale Terminals"
    Security vulnerabilities have been discovered in two widely used Point-of-Sale (PoS) terminals that could allow cybercriminals to conduct a number of malicious activities such as stealing credit card details, cloning terminals, and more. The…
  • "PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers"
    Researchers are warning of an active ransomware campaign that is targeting MySQL database servers. MySQL is an open-source relational database management system. The ransomware is called PLEASE_READ_ME, and has so far breached at least 85,000…
  • "Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers"
    Valve fixed critical bugs (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020-6019) in its Steam gaming client, a popular platform for video games like Counter Strike: Global Offensive, Dota2, and Half Life. The first three CVEs score 9.8…