Facebook Stored Passwords in Plain Text For Years
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
Featured news
MyPillow and Amerisleep Targeted in Magecart Group Attacks
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
Hackers Take Down Safari, VMware and Oracle at Pwn2Own
On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
Cisco Patches High-Severity Flaws in IP Phones
The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
Editor's Picks
Latest news
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.
Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
Until a report this week, Uber’s Surfcam’s use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it’s a “spyware.”
Newsmaker Interviews
-
Newsmaker Interview: Bruce Schneier on Physical Cyber Threats
-
Newsmaker Interview: Troy Mursch on Top Botnet Trends
-
Chris Vickery on the Marriott Breach and a Rash of Recent High-Profile Hacks
-
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
-
Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections
Most Recent ThreatLists
-
ThreatList: DDoS Attack Sizes Drop 85 Percent Post FBI Crackdown
-
Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’
-
ThreatList: Phishing Attacks Doubled in 2018
-
RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase
-
ThreatList: Porn-Focused Malware Triples, Dark Web Loves It
PodcastsView all
Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack
Threatpost talks to Phil Neray with CyberX about Tuesday’s ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
RSA Conference 2019 Recap
From privacy to patches, Threatpost editors discuss the biggest infosec news and trends that they saw this week at RSA Conference 2019.
RSA Conference 2019: Data-Wiping Cyberattacks Plague Financial Firms
A new report outlines the cyberattacks and threats that financial firms are facing.
RSA Conference 2019: Picking Apart the Foreshadow Attack
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.
Podcast: RSA Conference 2019 Preview
The Threatpost team talks about the biggest cybersecurity stories, trends and research we’ll see at RSA this year.
Threatpost News Wrap Podcast For Feb. 22
From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week’s biggest news stories.
Threatpost News Wrap Podcast For Feb. 1
From Facebook’s research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.
Threatpost News Wrap Podcast For Jan. 25
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
Threatpost News Wrap Podcast For Jan. 18
Threatpost editors break down the top headlines from the week ended Jan. 18.
VideosView all
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
Insider Threats Get Mean, Nasty and Very Personal
Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks
In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.
RSA Conference 2019: The Expanding Automation Platform Attack Surface
Hacking into smart homes is becoming increasingly easy and a great way to steal victims’ personal information, Trend Micro said at RSA 2019.
RSA Conference 2019: Emotet Takes Aim at Latin America
RAT activity in Latin America and Asia ramped up at the end of 2018, indicating widespread coordinated targeting by threat actors.
RSA Conference 2019: Firms Continue to Fail at IoT Security
IoT is growing more popular in the home – and so too are the attacks that target these devices featuring valuable data, researchers said at RSA 2019.
RSA Conference 2019: BleedingBit Flaws Continue to Plague Firms
BleedingBit’s impact continues to spread across various devices, researchers at RSA Conference 2019 said.
RSA Video 2019: How to Defend Against an AI vs AI ‘Flash War’
Offensive cyber attack chains are accelerating rapidly thanks to a combination of artificial intelligence, machine learning and broadening threat landscape.
RSA Conference 2019: BEC Scammer Gang Takes Aim at Boy Scouts, Other Nonprofts
A scammer ring dubbed Scarlet Widow has targeted nonprofits, schools and universities with an array of business email compromise (BEC) attacks over the past few months.
SlideshowView all
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.
Slideshow: Intel from Virus Bulletin 2018
This year’s Virus Bulletin conference featured top-tier research from some of the world’s best threat intelligence experts.
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.