More than one billion mobile users are at risk from a SIM card flaw currently being exploited by threat actors, researchers warn.
An exposed database containing 17 million email addresses exposed a massive fraud scheme impacting vendors like Groupon and Ticketmaster.
Hostinger said that unauthorized access to an internal API server exposed hashed passwords of 14 million customers.
The emails are well-crafted and extremely convincing.
Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.
The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few.
Researchers developed an exploit that allowed them to perform an array of malicious functions against so-called "mobile keys".
A 14-year-old hacker bricked at least 4,000 Internet of Things devices with a new strain of malware called Silex this week. Threatpost talks to the researcher who discovered the malware.
Remote exploitation can be achieved with no user interaction.
Flaws in Qualcomm chipset expose millions of Android devices to a hacking threat.
A pair of reports released at Black Hat mark the huge shift away from targeting consumers.
Researchers were able to bypass Apple's FaceID using a pair of glasses with tape on the lenses.
The sites are targeting job-seekers, movie aficionados and shoppers in hopes of harvesting their personal information.
Patient medical history and over 6 million email addresses tied to Democrats were detailed in misconfigured storage buckets over the past few weeks.
Several serious privacy flaws in a kid's tablet were disclosed this year at Black Hat, which could allow a bad actor to track or send messages to children.
Standard email authentication to prevent spoofing and phishing remains elusive for most.
The proxy is being distributed by the RIG and Fallout exploit kits.
Apple's Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies.
Researchers have uncovered easy-to-exploit bugs that can impact physical safety, utilities, healthcare devices and more, setting the stage for widespread worm attacks.
A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that's played on speakerphone, including calls, music and voice assistant responses.
Someone AirDropped a picture of a suicide vest to multiple people on a JetBlue flight, prompting an evacuation.
Threatpost editors Tara Seals and Lindsey O'Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.
Threatpost talks to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants?
A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.
The bug was previously unknown, yet it is fixed in later releases. However, many organizations are likely still vulnerable.
Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.
An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.
Directly linking thoughts to a phone via Bluetooth — what could go wrong?
QNAPCrypt continues to spread via brute-force attacks.
Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.
The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
Researchers say malware infects phones in order to sneak ads on devices for profit.
Amazon's acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again.
A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links.
Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com.
Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra nor secure.
The FDA sent out an urgent advisory warning of serious flaws in Medtronic's insulin pumps, which are used by thousands across the U.S.
Google finalizes its DNS-over-HTTPS service, inching toward a world where DNS requests are sent via HTTPS and not UDP or TCP.
Cisco has patched a slew of critical and high-severity flaws in its DNA Center and SD-WAN.
Rampant security-operations bungling allowed cyberattackers to infiltrate JPL's network, which carries human mission data.
Mozilla is urging users to update to Firefox 67.0.3 and Firefox ESR 60.7.1 after discovering a critical flaw under active attack.
A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.
Two lawsuits are seeking class-action status, alleging that Amazon records children and stores their voiceprints indefinitely.
Evernote's web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users.