Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution
The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.
Featured news
AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings
Cryptocurrency angel investor Michael Terpin seeks damages for “gross negligence” by the carrier, alleging it turned a blind eye to store employees’ malicious activities.
Philips Vulnerability Exposes Sensitive Cardiac Patient Information
The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.
Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Editor's Picks
-
Google Expands Bug-Bounty Program to Battle Abuse Methods
-
Open MQTT Servers Raise Physical Threats in Smart Homes
-
Google Chrome Bug Opens Access to Private Facebook Information
-
Microsoft Cortana Flaw Allows Web Browsing on Locked PCs
-
BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?
Latest news
An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers.
The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.
A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module.
Trickbot is back, this time with a stealthy code injection trick.
The targets were scanned millions of times, and are all in some way linked to China’s ongoing economic development activities, according to Recorded Future.
Newsmaker Interviews
-
Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away
-
Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race
-
Newsmaker Interview: Scott Helme on Securing the Web
-
Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes
-
Newsmaker Interview: VDOO CEO Talks Top IoT Threats
Most Recent ThreatLists
-
ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’
-
ThreatList: Telecom Sector Plagued with Advanced Malware
-
ThreatList: Financial-Themed Phishing Hooks Targets in Q2
-
ThreatList: Almost All Security Pros Believe Election Systems Are at Risk
-
ThreatList: Financial Services Firms Lag in Patching Habits
PodcastsView all
Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project
Bugcrowd’s CTO and founder Casey Ellis talked to Threatpost about the recently launched HP printer bug bounty program.
Podcast: Black Hat and DEF CON 2018 Wrap
The Threatpost team debriefs on the top news and topics from last week’s Black Hat and DEF CON conferences.
Podcast: enSilo CEO on Black Hat USA 2018 Top Trends
As Black Hat’s keynote kicks off today, Threatpost pinpoints the most popular trends of the conference with enSilo’s CEO.
Podcast: Black Hat USA 2018 Preview
Threatpost editors Tom Spring, Lindsey O’Donnell and Tara Seals preview Black Hat USA and DEF CON 2018, which both take place this week in Las Vegas.
Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks
Ronen Rabinovich from Cyberbit explains why malicious bitcoin mining malware is increasing on industrial control systems.
Threatpost News Wrap Podcast For July 27
Threatpost editors Tom Spring and Lindsey O’Donnell talk about the week’s biggest news.
Podcast: The Industrial World is Facing a Security Crisis
Eddie Habibi, the CEO of industrial IoT security company PAS, sounds off on how to secure the increasingly connected industrial control space.
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Mickos sat down with Threatpost’s Lindsey O’Donnell to talk about bug bounty program opportunities, challenges, and ultimately how programs are evolving.
Podcast: The Growing Social Media Threat Landscape
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast.
VideosView all
Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises
Armis’ CTO discusses the top IoT security issues in the marketplace today – and whether device manufacturers will start to prioritize security.
Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks
Mike Murray, vice president of security intelligence at Lookout, discusses how mobile is redefining phishing, taking it out of the traditional inbox and into SMS and Facebook messages.
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
SlideshowView all
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo
ICS Security From the Trenches Speakers Billy Rios and Terry McCorkle
Billy Rios, left, and Terry McCorkle gave details on a new zero-day vulnerability they found in the Tridium Niagara software platform.