Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable
A flaw in the Secure Boot trusted hardware root-of-trust affects enterprise, military and government network gear, including routers, switches and firewalls.
Featured news
HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak
HCL domain pages exposed sensitive data – including passwords and project analysis reports – for thousands of employees and customers.
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see.
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
Editor's Picks
Latest news
Mozilla has released a host of fixes for its browser as it rolls out its latest 67 version of Firefox, which touts better speed and privacy.
Intel has issued fixes for a slew of vulnerabilities, separate from the side-channel bugs disclosed last week.
Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.
All too often, information-sharing is limited to vertical market silos; to build better defenses, it’s time to take a broader view beyond the ISAC.
A glitch in Microsoft’s Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.
Most popular
-
ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed
-
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
-
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
-
Salesforce Woes Linger as Admins Clean Up After Service Outage
-
WordPress WP Live Chat Support Plugin Fixes XSS Flaw
Newsmaker Interviews
-
Newsmaker Interview: Bruce Schneier on Physical Cyber Threats
-
Newsmaker Interview: Troy Mursch on Top Botnet Trends
-
Chris Vickery on the Marriott Breach and a Rash of Recent High-Profile Hacks
-
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
-
Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections
Most Recent ThreatLists
-
ThreatList: Top 5 Most Dangerous Attachment Types
-
ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst
-
ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps
-
ThreatList: Half of All Attacks Aim at Supply Chain
-
ThreatList: Game of Thrones, a Top Malware Conduit for Cybercriminals
PodcastsView all
ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed
Daniel Gruss, the researcher behind Spectre, Meltdown – and most recently, ZombieLoad – Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.
News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws
From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week.
News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras
From a creepy Airbnb incident to Verizon’s Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10.
Extinguishing the IoT Insecurity Dumpster Fire
Will connected devices be insecure forever? Or will legislation – such as the recent UK mandate announced this week – help boost IoT security?
News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams
The Threatpost team breaks down the strangest security stories this week – from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million.
News Wrap: Amazon Echo Privacy, Facebook FTC Fines and Biometrics Regulation
On this week’s Threatpost news wrap, the team discusses Facebook’s FTC fine for its data security practices, a report that Amazon is collecting Echo users’ geolocation data, and more.
SAS 2019: Fake News Peddlers Adopt Clever New Trick to Fool Facebook, Twitter
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news.
SAS 2019: Joe FitzPatrick Warns of the ‘$5 Supply Chain Attack’
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats.
Podcast: Chris Vickery on UpGuard’s Discovery of Millions of Facebook Records
Chris Vickery with UpGuard, who discovered two datasets exposing millions of Facebook records, discusses his findings and the implications of data collection with Threatpost.
VideosView all
Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter
Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.
Hackers Take Over IoT Devices to ‘Click’ on Ads
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
Lax Telco Security Allows Mobile Phone Hijacking and Redirects
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
Insider Threats Get Mean, Nasty and Very Personal
Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks
In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.
RSA Conference 2019: The Expanding Automation Platform Attack Surface
Hacking into smart homes is becoming increasingly easy and a great way to steal victims’ personal information, Trend Micro said at RSA 2019.
RSA Conference 2019: Emotet Takes Aim at Latin America
RAT activity in Latin America and Asia ramped up at the end of 2018, indicating widespread coordinated targeting by threat actors.
RSA Conference 2019: Firms Continue to Fail at IoT Security
IoT is growing more popular in the home – and so too are the attacks that target these devices featuring valuable data, researchers said at RSA 2019.
SlideshowView all
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.
Slideshow: Intel from Virus Bulletin 2018
This year’s Virus Bulletin conference featured top-tier research from some of the world’s best threat intelligence experts.
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.