Threatpost

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. TangleBot Malware Reaches Deep into Android Device Functions The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN Unauthenticated cyberattackers can also wreak havoc on networking device configurations. Apple Patches 3 More Zero-Days Under Active Attack One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges. REvil Affiliates Confirm: Leadership Were Cheating Dirtbags After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." 5 Tips for Achieving Better Cybersecurity Risk Management Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively. 100M IoT Devices Exposed By Zero-Day Bug A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. FamousSparrow APT Wings in to Spy on Hotels, Governments A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe. Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.

Distributed by aarss.com.