Social event planning app Partiful, which calls itself "Facebook events for hot people," has firmly replaced Facebook as the go-to platform for sending party invitations. But what Partiful also has in common with Facebook is that it's collecting a tsunami of user data, and Partiful could have done better at keeping that data secure. On Partiful, hosts can create online invitations with a retro, maximalist vibe, allowing guests to RSVP to events with the ease of ordering a salad on a touch-screen.
Security researchers are shining the spotlight on a serious security vulnerability that could enable stalkers to track victims using their own Tile tags, as well as other unwanted violations of security and privacy. Research outlined by Wired shows that Tile's anti-theft mode, which makes its trackers "invisible" on the Tile network, counteracts measures to prevent stalking. Bad actors could also potentially intercept unencrypted information sent from the tags, like their unique IDs and MAC addresses,
Independent security researcher Swarang Wade found the vulnerability, which allows anyone to reset the password of any user of the stalkerware app TheTruthSpy and its many companion Android spyware apps, leading to the hijacking of any account on the platform. Given the nature of TheTruthSpy, it's likely that many of its customers are operating it without the consent of their targets, who are unaware that their phone data is being siphoned off to somebody else.
"CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS."
