Peloton’s leaky API has allowed any hacker to obtain any user’s account data — even if that user had set their profile to private.
The vulnerability, which was discovered by security research firm Pen Test Partners, allowed requests for Peloton user account data to go through without checking that the request was authenticated. As a result, the exposed API could let anyone access any Peloton user’s age, gender, city, weight, workout stats, and birthday.
SecureLink and Ponemon Institute today released a new report titled “A Crisis in Third-party Remote Access Security”, revealing the alarming disconnect between an organization’s perceived third-party access threat and the security measures it employs.
Thursday, May 6 is World Password Day, a day dedicated to promoting safer password practices. Strong password management has been especially important as cyberattacks have skyrocketed since the onset of the pandemic and the switch to remote work. Here, security executives share their insight and tips on how to create and promote safer password practices in the enterprise and among employees.
Lookout, Inc. released a report showing that mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. The Lookout Financial Services Threat Report illustrates that these organizations were not immune to mobile phishing despite an increased adoption of mobile device management (MDM).
Digital Shadows released new research into the movement of cybercriminal marketplaces with a feature on Genesis market. According to the Digital Shadows Photon Research Team, Genesis is a high-profile and trusted repository of digital fingerprints that has grown in popularity since it was launched in beta in 2017. In 2020, Genesis commanded 65% of mentions across criminal forums for fingerprinting services. While other markets have come and gone, Genesis continues to endure and has grown year-on-year. In the last two months alone, more than 5,000 new listings have been added to Genesis, bringing the total number of listings to more than 350,000.
In a move to both improve travel experiences and reduce crowding in security checkpoint lines, Seattle-Tacoma International Airport is trialing a virtual queuing system for TSA screening checkpoints.
Antisemitic incidents remained at a historically high level across the United States in 2020, with a total of 2,024 incidents of assault, harassment and vandalism reported to ADL (the Anti-Defamation League). While antisemitic incidents declined by 4 percent after hitting an all-time high in 2019, last year was still the third-highest year for incidents against American Jews since ADL started tracking such data in 1979.
The Transportation Security Administration (TSA) is extending the face mask requirement for individuals across all transportation networks throughout the United States, including at airports, onboard commercial aircraft, on over-the-road buses, and on commuter bus and rail systems through September 13.