Tue. Sep 17th, 2019

THE BIG STORY

1. Apple will now pay up to $1 million for reporting bugs

At the annual Black Hat conference, Apple announced that it’s making major changes to its bug bounty program. One of the biggest changes being that the tech giant has increased the maximum reward for discovering vulnerabilities from $200,000 per exploit to $1 million.

 

WE’RE KEEPING AN EYE ON

2. Robocall blocker apps are giving up your personal information, research finds

An analysis of robocall-blocker apps found that some of the most popular apps — including TrapCall, Truecaller, and Hiya — are collecting personal information from people’s devices, without consent, and sending this information to third-party analytics firms.

 

INCIDENTS THIS WEEK

3. E-commerce site StockX was hacked exposing millions of customers’ data

The fashion and sneaker trading platform StockX was hit by hackers at the end of last week. Initially, the company didn’t acknowledge the attack and first reset users’ passwords. However, after some digging, reporters were able to verify that users’ account data was stolen from the site back in May. Luckily, financial data wasn’t involved.

 

4. Poshmark confirms data breach, users reset your passwords

In a brief post, Poshmark — the online clothing marketplace — confirmed a data breach. No financial data was stolen, but user information such as email addresses, size preferences, and scrambled passwords was taken.

 

5. Vulnerability in Leapfrog children’s tablet exposed data

Leapfrog’s LeapPad Ultimate Tablet, which is made for children between the ages of 3 to 6, had vulnerabilities that could’ve let attackers intercept information from the devices, locate them and send messages to users.

 

INTERESTING READ

6. Package delivery! Cybercriminals at your doorstep

Have you heard about warshipping? The practice involves mailing a small computer to a target company. Once the package has been delivered to the mailroom, it is activated and attempts to connect to the corporate network. IBM red team hackers were able to use this technique to infiltrate various networks; they even produced a video showing you how the attack is done. — Security Intelligence