A researcher says he received a $10,000 bounty from Facebook after finding a critical vulnerability that could have been exploited to delete any photo from the social media network. In early November, Facebook announced a new feature for posting polls that include images and GIF animations. Iran-based security researcher and web developer Pouya Darabi analyzed…

Two US states on Wednesday confirmed they are investigating Uber’s cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. Uber purportedly paid data thieves $100,000 to destroy the swiped information — and remained quiet about the breach for a year. That decision evidently came despite…

Catfishing, the practice of pretending to be someone else online, became a cultural phenomenon through MTV’s popular TV show “Catfish,” driving more attention to our obsession with our online personas. However, it’s not just social media that needs additional scrutiny. In the wake of several recent major data breaches of personally identifiable information (PII) such…

An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain. The Keychain flaw, tracked as CVE-2017-7150, was disclosed last week by Patrick Wardle, director of research at Synack. Apple has now addressed the issue with the release of High…

Despite the clear and present danger that weak passwords pose to organizations, many remain focused on implementing technology based on policy, not the user, to address the problem. How do you manage password security? More than half of IT executives surveyed rely on employees alone to monitor their own password behavior, subsequently leaving the company at risk,…

Emails are a widely used means for third parties to tie your email address to your activities across the web, Princeton University researchers have discovered. The extent of email tracking: Email tracking was originally aimed at allowing senders to know whether the recipient has read the sent email. Unfortunately, many third parties also receive this…