An executable file disguised as a .jpg leads not only to ransomware but also its builder, which can be used to create variants. | Continue reading
White-hat hackers using never-before-seen zero days against popular applications and devices against competed at two-day gathering in Chengdu. | Continue reading
Thousands of accounts showed up on the Dark Web — and customers say Disney has been no help. | Continue reading
The threats follow an DDos attack bent on taking out the Labour Party's online presence. | Continue reading
Microsoft tackles 74 bugs as part of its November Patch Tuesday security bulletin. | Continue reading
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware. | Continue reading
The issue is in an Intel chip used for remote management. | Continue reading
The move takes a broader stand to protect user data and support the requirements of CCPA nationwide. | Continue reading
The latest edition of the bi-annual hacking contest saw creative exploits in new device categories. | Continue reading
Facebook said that 100+ third-party app developers had access to restricted data for members of Groups, in its latest privacy snafu. | Continue reading
Smart voice assistants can be hijacked by attackers using lasers to send them remote, inaudible commands. | Continue reading
Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet. | Continue reading
Chinese state-sponsored hackers are attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents. | Continue reading
Executives at high-profile companies are being targeted by a fake voicemail campaign hunting for Office 365 credentials. | Continue reading
The proposal would require biometrics systems to verify age before allowing visits to adult sites. | Continue reading
The APT is once again targeting the sports world, Microsoft warns. | Continue reading
CVE-2019-11043 is trivial to exploit — and a proof of concept is available. | Continue reading
A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time. | Continue reading
An open cloud database sets the stage for phishing attacks for users of the subscription service. | Continue reading
Targeted ransomware, mobile malware and other attacks will surge, while companies will adopt AI, better cloud security and cyber insurance to help defend and protect against them. | Continue reading
A pair of bugs in the Kubernetes open-source cloud container software can be “highly dangerous” under some Kubernetes configurations, according to researchers. The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2. Exploita … | Continue reading
Consumers don't vet apps well enough to mitigate mobile threat risk, according to the latest mobile-threat report from RiskIQ | Continue reading
The Magecart splinter group known for supply-chain attacks appears to be tied to advanced threat actors. | Continue reading
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go. | Continue reading
The travel reservation data, along with personal details, of hundreds of thousands was discovered in a database exposed online for all to see. | Continue reading
A patch is currently under revision but has not yet been incorporated into the Linux kernel. | Continue reading
The Attor malware targets government and diplomatic victims with unusual tactics. | Continue reading
Increasing concerns over unauthorized surveillance, integration with facial recognition and more are plaguing the doorbell-video camera company. | Continue reading
A campaign first observed last year has ramped up its attack methods and appears to be linked to activity targeting President Trump’s 2020 re-election campaign. | Continue reading
CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device. | Continue reading
Millions of iOS users could be vulnerable to man-in-the-middle attacks that trace back to flawed Twitter code used in popular iPhone apps. | Continue reading
In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails. | Continue reading
An active APT campaign aimed at tech companies is underway, which also uses a legitimate NVIDIA graphics function. | Continue reading
Wikipedia and World of Warcraft Classic users reported global outages over the weekend in targeted – and connected – DDoS attacks. | Continue reading
Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices. | Continue reading
'AdBlock' and 'uBlock' impersonate legitimate extensions but instead engage in cookie stuffing to defraud affiliate marketing programs, a researcher has found. | Continue reading
A Change.org petition is demanding stronger accountability for Equifax in the 2017 leak that affected 150 million customers. | Continue reading
Microsoft has issued a patch for an Internet Explorer remote code execution flaw that is being actively exploited in the wild. | Continue reading
Eight cities have been hit by a data breach targeting payment cards. | Continue reading
Independent researchers found 125 different CVEs across 13 different router and NAS models. | Continue reading
Though harboring unsophisticated payloads, the Panda threat group has updated its tactics – from targets to infrastructure – and successfully mined hundreds of thousands of dollars using cryptomining malware. | Continue reading
Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM. | Continue reading
ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market. | Continue reading
Google has kicked 24 apps off of its official Android app marketplace after spyware was discovered in them. | Continue reading
Implementing game mechanics and competition into the mix can incentivize employees to improve their cybersecurity posture. | Continue reading
Threatpost editors Tara Seals and Lindsey O'Donnell talk about the top news stories of the week – from leaky databases to SIM card attacks. | Continue reading
At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses. | Continue reading
Apple will not fix the glitch until the release of iOS 13.1 later in September. | Continue reading