Reading Time: ~ 2 min.

Hookup App Leaks User Locations

Geo-locating and other sensitive data has been leaked from the
hookup app 3fun,
exposing the information for more than 1.5 million users. While some dating
apps using trilateration to find nearby users, 3fun showed location data capable
of tracing a user to a specific building or floor. Though users had the option
to disable coordinate tracking, that data was nevertheless stored and available
through the app’s API. 3fun has since resolved the leak and has hopefully
implemented stronger security measures considering the private nature of their
client’s activities.

Ransomware Attacks on DSLR Cameras

Malware authors continue to find new victims, as a ransomware
variant has been found to be remotely attacking Canon DSLR
and demanding a ransom to regain access to the device. Researchers
have found multiple vulnerabilities that could allow attackers to perform any
number of critical functions on the cameras, including displaying a ransom note
and remotely taking pictures with the camera. Fortunately, Canon has already
begun issuing patches for some of its affected devices, though it’s taking
longer to fully secure others.

Take back your privacy. Learn more about the benefits of a VPN.

Google Drive Exploit Allows Phishing Campaign to Flourish

A new phishing campaign has been discovered that uses a
legitimate Google
account to launch a phishing campaign
that impersonates the CEO asking the victim to open the Google Docs file and
navigate to the phishing site’s landing page. Luckily for victims, the campaign
has a few tells. The phony CEO email address uses a non-conforming naming
convention and the email itself appears to be a hastily compiled template.

British Airways Data Leak

has again come under scrutiny, this time after it was discovered
that their e-ticketing system was leaking sensitive passenger data. The leak stems
from flight check-in links that were sent out to customers containing both
their surname and booking confirmation numbers completely unencrypted within
the URL. Even more worrisome, this type of vulnerability has been well-known
since last February when several other airlines were found to have the same
issue by the same security firm.

Android Trojan Adds New Functionality

Following in the footsteps of Anubis, an Android banking Trojan
for which source code was recently revealed, Cerberus
has quickly filled the void without actually borrowing much of that code. One
major change is that Cerberus implemented a new method of checking if the
device is physically moving or not, in hopes of avoiding detection by both the
victim and any researchers who may be analyzing it. Additionally, this variant uses
phishing overlays from several popular sites to further collect any login
credentials or payment card data.

The post Cyber News Rundown: Hookup App Exposes Users appeared first on Webroot Blog.