DDoS Attacks Get Bigger, Smarter and More Diverse
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses.
Featured news
Recent Andariel Group ActiveX Attacks Point to Future Targets
Changes in the group’s script may indicate that the hackers may start using attack vectors other than ActiveX.
Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race
Noted cryptographer waxes on the threats posed by physical cyber systems, ‘going dark’ and a crypto arms race.
DanaBot Trojan Targets Bank Customers In Phishing Scam
A new phishing scam purports to be MYOB invoices – but really contains a novel banking trojan.
Editor's Picks
-
No Evidence of GandCrab Leveraging SMB Exploit – Yet
-
DanaBot Trojan Targets Bank Customers In Phishing Scam
-
Hacker Compromises Air Force Captain to Steal Sensitive Drone Info
-
Apple OS Update Lifts Curtain on iPhone USB Restricted Mode
-
Polar Fitness App Exposes Location of ‘Spies’ and Military Personnel
Latest news
IT companies allege that one of New Zealand’s largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.
Buyers and sellers can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.
Changes in the group’s script may indicate that the hackers may start using attack vectors other than ActiveX.
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses.
Researchers found a new version of GandCrab – but no evidence that the ransomware is using the same SMB exploit as Wannacry.
Newsmaker Interviews
-
Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race
-
Newsmaker Interview: Scott Helme on Securing the Web
-
Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes
-
Newsmaker Interview: VDOO CEO Talks Top IoT Threats
-
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Most Recent ThreatLists
-
ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities
-
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat
-
ThreatList: Virtualization-related Bug Reports Jump 275 Percent in 2018
-
ThreatList: Biggest Cybercrime Developments in 2018, So Far
-
ThreatList: Exploit Kits Still a Top Web-based Threat
PodcastsView all
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Mickos sat down with Threatpost’s Lindsey O’Donnell to talk about bug bounty program opportunities, challenges, and ultimately how programs are evolving.
Podcast: The Growing Social Media Threat Landscape
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast.
Threatpost News Wrap Podcast for June 8
Threatpost editors discuss the stories behind the biggest news that broke this week.
Podcast: How Cities Can Be Security Smart
Threatpost talks to Tenable CTO Renaud Deraison about the security risks behind smart cities.
Threatpost News Wrap Podcast for May 18
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news.
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.
A Look Inside: Bug Bounties and Pen Testing
Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies.
Podcast: Why Manufacturers Struggle To Secure IoT
Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices.
Podcast: How Millions of Apps Leak Private Data
Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
VideosView all
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
iOS 10 Passcode Bypass Can Access Photos, Contacts
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
BASHLITE Family Of Malware Infects 1 Million IoT Devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say.
SlideshowView all
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo
ICS Security From the Trenches Speakers Billy Rios and Terry McCorkle
Billy Rios, left, and Terry McCorkle gave details on a new zero-day vulnerability they found in the Tridium Niagara software platform.