Threatpost AT&T, Verizon Subscribers Exposed as Mobile Bills Turn Up on the Open Web Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration. Feds Offer $5M Reward to Nab ‘Evil Corp’ Dridex Hacker Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle. HackerOne Breach Leads to $20,000 Bounty Reward HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to "human error," on the bug bounty platform. OpenBSD Hit with Authentication, LPE Bugs The authentication bypass (CVE-2019-19521) is remotely exploitable. ‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup Researchers uncovers "ultimate man-in-the-middle attack" that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business. ThreatList: 1 in 9 SMBs Believe Nation-State Actors Are Targeting Them Larger SMBs are more likely to feel targeted by APTs. Nebraska Medicine Breached By Rogue Employee Nebraska Medicine is warning that a rogue, former employee accessed patients' medical records, Social Security numbers and more. ‘Highly Competitive’ Buer Loader Emerges in Underground Markets A previously undocumented loader has been discovered in several recent malware campaigns and being sold on underground markets. Iran Targets Mideast Oil with ZeroCleare Wiper Malware Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. EFF Talks the Corporate Surveillance of Consumers The EFF explains how data is being tracked and used on the web and mobile devices, how consumers can protect themselves - and why it's not all bad news. Distributed by aarss.com.