Security News

Today, T-Mobile customers said they could see other peoples' account and billing information after logging into the company's official mobile application. According to user reports on social media, the exposed information included customers' names, phone numbers, addresses, account balances, and credit card details like the expiration dates and the last four digits.

Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns. Glitch is a cloud hosting service that allows people to deploy apps and websites using Node.js, React, and other development platforms.

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Instead, the malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange's multi-factor authentication. The attacker(s) used a flaw in Coinbase's account recovery process to seize the SMS two-factor authentication tokens needed to break into customers' accounts and transfer funds to crypto wallets unassociated with Coinbase.

The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.

Crypto.com describes itself as the world's fastest-growing crypto app with over 10 million users across 90+ countries. The network slowdown kept recurring throughout the week, including today and has led to issues such as massive delays in purchases being reflected in the users' accounts.

A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call. The flaw stems from a glitch in the screen sharing function of video conferencing platform Zoom.

A problem that halted trading on the Paris stock market and others across Europe was a "Middleware" issue and not a cyber attack, operator Euronext said Tuesday. Trading ground to a halt for around three hours early Monday in Amsterdam, Brussels, Dublin, Lisbon and Paris, and the French market closed late, before issuing a statement that most trades made after 5:30 local time would be annulled.

Twitter went offline for almost two hours on Thursday, in an outage that the social media platform - used by hundreds of millions worldwide - blamed on a technical glitch. On Thursday Twitter said that, under changes to its Hacked Materials Policy, it would "No longer remove hacked content unless it is directly shared by hackers or those acting in concert with them."

The social media giant said that it recently discovered that 5,000 developers received data from Facebook users - long after their access to that data should have expired. In 2018, on the heels of the Cambridge Analytica privacy incident, Facebook debuted stricter controls over data collection by third-party app developers.