Oracle Kills 402 Bugs in Massive October Patch Update
Over half of Oracle’s flaws in its quarterly patch update can be remotely exploitable without authentication; two have CVSS scores of 10 out of 10.
Featured news
Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
The ransomware gang claims to have bought network access to the bookseller’s systems before encrypting the networks and stealing “financial and audit data.”
Cybercriminals Step Up Their Game Ahead of U.S. Elections
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
Related Content
Brought to you by
Latest news
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks – including a recent strike on a half-million Facebook users.
Most popular
-
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
-
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
-
Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
-
Phishers Capitalize on Headlines with Breakneck Speed
-
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
Newsmaker Interviews
-
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
-
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return
-
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
-
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
-
Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware
Most Recent ThreatLists
PodcastsView all
Phishing Lures Shift from COVID-19 to Job Opportunities
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.
Critical Industrial Flaws Pose Patching Headache For Manufacturers
When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates.
Vulnerability Disclosure: Ethical Hackers Seek Best Practices
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.
Disinformation Spurs a Thriving Industry as U.S. Election Looms
Threat actors are becoming increasingly sophisticated in launching disinformation campaigns – and staying under the radar to avoid detection from Facebook, Twitter and other platforms.
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.
Researchers Warn of Active Malware Campaign Using HTML Smuggling
A recently uncovered, active campaign called “Duri” makes use of HTML smuggling to deliver malware.
New Global Threat Landscape Report Reveals ‘Unprecedented’ Cyberattacks
Fortinet’s recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 – and what that means for cybercrime.
VideosView all
Cybercriminals Step Up Their Game Ahead of U.S. Elections
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return -and how a cyber vigilante is attempting to thwart the malware’s comeback.
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.
The Enemy Within: How Insider Threats Are Changing
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.
Fake Skype, Signal Apps Used to Spread Surveillanceware
Threat groups are increasingly relying on trojanized apps pretending to be legitimate – such as Skype or Signal – but are really spreading surveillanceware.
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.
SlideshowView all
2020 Cybersecurity Trends to Watch
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Top Mobile Security Stories of 2019
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
Facebook Security Debacles: 2019 Year in Review
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Biggest Malware Threats of 2019
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
Top 10 IoT Disasters of 2019
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.