Chrome Now Features Site Isolation to Defend Against Spectre
A new feature called site isolation is being tapped to protect Chrome users against Spectre.
Featured news
Cisco Patches High-Severity Bug in VoIP Phones
Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.
Newsmaker Interview: Scott Helme on Securing the Web
Threatpost sat down with Helme to discuss the state of web security, including certificate transparency, HTTPS deployment, Let’s Encrypt, content security policy and HTTP strict transport security.
Multiple Bugs Found in QNAP Q’Center Web Console
QNAP said in a security advisorythat it has fixed the issues in Q’Center Virtual Appliance, and urged customers to update to the latest version.
Editor's Picks
-
Apple OS Update Lifts Curtain on iPhone USB Restricted Mode
-
Polar Fitness App Exposes Location of ‘Spies’ and Military Personnel
-
Samsung Investigates Claims of Spontaneous Texting of Images to Contacts
-
Bug Bounty Programs Turn Attention to Data Abuse
-
WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches
Latest news
The thief also had a second dataset, including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course and documentation on improvised explosive device (IED) mitigation tactics.
Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.
Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat.
A new feature called site isolation is being tapped to protect Chrome users against Spectre.
A whopping 800 e-commerce sites around the world have been targeted by the Magecart criminal group so far, according to RiskIQ.
Newsmaker Interviews
Most Recent ThreatLists
PodcastsView all
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Mickos sat down with Threatpost’s Lindsey O’Donnell to talk about bug bounty program opportunities, challenges, and ultimately how programs are evolving.
Podcast: The Growing Social Media Threat Landscape
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast.
Threatpost News Wrap Podcast for June 8
Threatpost editors discuss the stories behind the biggest news that broke this week.
Podcast: How Cities Can Be Security Smart
Threatpost talks to Tenable CTO Renaud Deraison about the security risks behind smart cities.
Threatpost News Wrap Podcast for May 18
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news.
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.
A Look Inside: Bug Bounties and Pen Testing
Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies.
Podcast: Why Manufacturers Struggle To Secure IoT
Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices.
Podcast: How Millions of Apps Leak Private Data
Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
VideosView all
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
iOS 10 Passcode Bypass Can Access Photos, Contacts
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
BASHLITE Family Of Malware Infects 1 Million IoT Devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say.
SlideshowView all
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo
ICS Security From the Trenches Speakers Billy Rios and Terry McCorkle
Billy Rios, left, and Terry McCorkle gave details on a new zero-day vulnerability they found in the Tridium Niagara software platform.