No ‘Silver Bullet’ Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Featured news
Survey Finds People are Privacy Hypocrites
1
A report by HP found that most people admit to looking at others’ computer screens and documents in the workplace while still keeping their own privacy top of mind.
Magecart 5 Linked to Carbanak Gang
The Magecart splinter group known for supply-chain attacks appears to be tied to advanced threat actors.
FTC Cracks Down on Stalkerware With Retina-X App Bans
The FTC has banned the sale of three apps – marketed to monitor children and employees – unless the developers can prove that the apps will be used for legitimate purposes.
Editor's Picks
-
Adobe Unscheduled Update Fixes Critical ColdFusion Flaws
-
Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
-
Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
-
200K Sign Petition Against Equifax Data Breach Settlement
-
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
Latest news
Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.
A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves, even against modern defenses.
The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.
A survey of nearly 300 Black Hat conference attendees this year showed strong agreement that service accounts are an attractive target.
By monitoring their environment, companies can be ready to take action if any weakness – usually a software vulnerability – is found.
Most popular
Newsmaker Interviews
-
No ‘Silver Bullet’ Fix for Alexa, Google Smart Speaker Hacks
-
Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’
-
Thousands of IoT Devices Bricked By Silex Malware
-
Newsmaker Interview: Bruce Schneier on Physical Cyber Threats
-
Newsmaker Interview: Troy Mursch on Top Botnet Trends
Most Recent ThreatLists
-
ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users
-
ThreatList: Police Use of Facial Recognition is Just Fine, Say Most Americans
-
ThreatList: Half of All Social Media Logins Are Fraud
-
ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019
-
ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
PodcastsView all
No ‘Silver Bullet’ Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
At what point will infiltrating companies via the “insider threat model” become less costly and difficult than using malware? Threatpost discusses with a SolarWinds expert.
Podcast: Departing Employees Could Mean Departing Data
Threatpost talks to Digital Guardian’s Tim Bandos about the top insider threats that enterprises are facing today.
Podcast: Vendors, Suppliers, Partners – Oh My! Who Will Increase Your Risk of Account Takeover?
In this sponsored podcast, Threatpost talks to Spycloud’s Chip Witt about the account takeover risks posed by third parties.
Why This New Cybergang is Heralding a New Age For BEC
Cybergang Silent Starling is taking BEC to the next level by targeting suppliers and going after their customers.
News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
The malware landscape continues to evolve with the re-emergence of the GandCrab operators and a continued spearphishing attack spreading the LookBack RAT.
News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.
Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’
Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.
News Wrap: IoT Radio Telnet Backdoor And ‘SimJacker’ Active Exploit
Threatpost editors Tara Seals and Lindsey O’Donnell talk about the top news stories of the week – from leaky databases to SIM card attacks.
VideosView all
Post-GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware
A detailed look at underground forums shows that cybercriminals aren’t sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains.
Election Security Threats: From Misinformation to Voting Machine Flaws
From insecure voting machines to social media misinformation, governments have alot to think about when it comes to securing elections.
Security Vulnerabilities Are Increasingly Putting Kids at Risk
A kid’s tablet with security vulnerabilities is only the latest privacy faux pas in a children’s connected device.
Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter
Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.
Hackers Take Over IoT Devices to ‘Click’ on Ads
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
Lax Telco Security Allows Mobile Phone Hijacking and Redirects
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
Insider Threats Get Mean, Nasty and Very Personal
Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks
In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.
SlideshowView all
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.
Slideshow: Intel from Virus Bulletin 2018
This year’s Virus Bulletin conference featured top-tier research from some of the world’s best threat intelligence experts.
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.