The UK online used goods bazaar Gumtree exposed its users’ home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.
Superior, which supplies more than 780,000 customers in the US and Canada, said it had “temporarily disabled” some of its systems in the wake of the attack and is working to get them back online.
To empower the next generation of Android security researchers, Google has collaborated with industry partners including HackerOne and PayPal to host a number of Android App Hacking Workshops.
Customers of Chase, Wells Fargo, Bank of America, and Capital One, along with nearly 400 other financial firms, are being targeted by a malicious app posing as an official platform by Orange S.A.
A Trend Micro report predicts global organizations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk.
LogMeIn, a provider of cloud-based solutions such as LastPass, GoToConnect, GoToMeeting, and Rescue, announced the intent to establish LastPass as an independent company.
The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive information of 522 current and former employees, as well as 750,000 patients.
In the attack technique called Bring Your Own Vulnerable Driver (BYOVD), an adversary with administrative privileges installs a legitimately signed driver with a vulnerability on the victim system.
A remote code execution flaw exists in log4j2, which is used by basically every Java application on the planet. It’s remotely exploitable, not just through the front end but on the back ends as well.
Products impacted by Microsoft’s December security update include Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client.