Threatpost (@threatpost) on X (original) (raw)

Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.

• 
• 
  
• 
  Breaking: Hundreds of millions of #Facebook records – including account names and plaintext #passwords – have been found in two separate publicly-exposed app datasets, researchers at
  @UpGuard
  found.
• 
  #Mozilla released an emergency patch for a critical #Firefox flaw that is being actively exploited in targeted attacks.
• 
  #Citrix warned of multiple #security flaws that could allow code injection and data theft - including four that are exploitable by unauthenticated, remote attackers.
• 
  In in lieu of a patch... “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” bit.ly/2jhkqY6
• 
  Secure password firms (1Password, Dashlane, KeePass and LastPass) are blasting a #security report highlighting how the utilities can be cracked open to steal #passwords.
• 
  This Office 365 #phishing attack leverages real-time Active Directory validation of credentials. #Office365
• 
• 
  The latest #iOS and Android versions of the FinSpy #malware have been deployed in the wild. The espionage tool can eavesdrop on Signal, Telegram and WhatsApp messages and calls.
• 
• 
  Researchers have released a proof-of-concept showing how a XXE #security vulnerability can be exploited to attack #Ghidra project users.
• 
  A strange glitch in #Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them.
•