Facebook Offers Details on ‘View As’ Breach, Revises Numbers
Facebook’s VP of product management was able to discuss more specifics about how the breach itself occurred.
Featured news
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
The official update from Microsoft only limits the vulnerability, according to 0Patch.
Facebook Bans More Than 800 Accounts in Disinformation Purge
The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation.
Latest news
A survey of ICS security posture found outdated firewalls, improper segmentation password mistakes and more.
Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence.
Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks.
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot.
Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging.
Newsmaker Interviews
-
Newsmaker Interview: Derek Manky on ‘Self-Organizing Botnet Swarms’
-
Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away
-
Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race
-
Newsmaker Interview: Scott Helme on Securing the Web
-
Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes
Most Recent ThreatLists
-
ThreatList: Credential Theft Spikes by Triple Digits in U.S.
-
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume
-
ThreatList: Password Hygiene Remains Lackluster in Global Businesses
-
ThreatList: Hackers Turn to Python as Attack Coding Language of Choice
-
ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery
PodcastsView all
Threatpost News Wrap Podcast For Oct. 12
Threatpost’s editors discuss the top news of this week.
Podcast: Key Takeaways For DevOps in BSIMM9
From supply chain to orchestration tools, here are the new trends that DevOps should pay attention to in this year’s BSIMM report.
Threatpost New Wrap Podcast For Oct. 5
Threatpost editors discuss the highlights and biggest breaking news from this past week.
Threatpost News Wrap Podcast For Sept. 7
The Threatpost team breaks down the biggest news from the week ended Sept. 7.
Threatpost News Wrap Podcast For Aug. 31
This week’s news includes a Microsoft zero-day flaw and Yahoo’s recent email privacy snafu.
Podcast: Plugging Leaky Data in the Cloud
Threatpost talks to a Google Cloud expert about the top issues users face when securing data in the cloud.
Podcast: Bad Packets Report Founder on Rising Cryptojacking Attacks
Cryptojacking attacks are on the rise. We talk to security researcher Troy Mursch about why bad actors are drawn to this attack technique.
Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project
Bugcrowd’s CTO and founder Casey Ellis talked to Threatpost about the recently launched HP printer bug bounty program.
Podcast: Black Hat and DEF CON 2018 Wrap
The Threatpost team debriefs on the top news and topics from last week’s Black Hat and DEF CON conferences.
VideosView all
Video: Bishop Fox on Device Threats and Layered Security
Bishop Fox’s Christie Terrill talks to us about IoT security and other trends at Black Hat 2018 this month.
Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises
Armis’ CTO discusses the top IoT security issues in the marketplace today – and whether device manufacturers will start to prioritize security.
Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks
Mike Murray, vice president of security intelligence at Lookout, discusses how mobile is redefining phishing, taking it out of the traditional inbox and into SMS and Facebook messages.
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
SlideshowView all
Slideshow: Intel from Virus Bulletin 2018
This year’s Virus Bulletin conference featured top-tier research from some of the world’s best threat intelligence experts.
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo