Featured news
Kmart, Latest Victim of Egregor Ransomware – Report
The struggling retailer’s back-end services have been impacted, according to a report, just in time for the holidays.
Google Play Apps Remain Vulnerable to High-Severity Flaw
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.
Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
Related Content
Brought to you by
Latest news
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
Lookout’s Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.
Incydr lets you monitor your high-risk users without impeding their ongoing work.
Most popular
-
Misconfigured Docker Servers Under Attack by Xanthe Malware
-
Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
-
TurkeyBombing Puts New Twist on Zoom Abuse
-
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data
-
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
Newsmaker Interviews
-
From Triton to Stuxnet: Preparing for OT Incident Response
-
How the Pandemic is Reshaping the Bug-Bounty Landscape
-
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
-
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return
-
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Most Recent ThreatLists
-
Pandemic, A Driving Force in 2021 Financial Crime
-
ThreatList: Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats
-
Changing Employee Security Behavior Takes More Than Simple Awareness
-
ThreatList: Pharma Mobile Phishing Attacks Turn to Malware
-
Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut
PodcastsView all
DNS Filtering: A Top Battle Front Against Malware and Phishing
Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.
Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues
Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.
Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks
While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks – from phishing to ransomware.
Botnet Attackers Turn to Vulnerable IoT Devices
Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.
From Triton to Stuxnet: Preparing for OT Incident Response
Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats.
Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories
Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry — including bugs that just won’t die.
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
Veracode’s Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.
Phishing Lures Shift from COVID-19 to Job Opportunities
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
VideosView all
How the Pandemic is Reshaping the Bug-Bounty Landscape
Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.
Experts Weigh in on E-Commerce Security Amid Snowballing Threats
How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.
Cybercriminals Step Up Their Game Ahead of U.S. Elections
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return -and how a cyber vigilante is attempting to thwart the malware’s comeback.
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.
The Enemy Within: How Insider Threats Are Changing
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.
SlideshowView all
2020 Cybersecurity Trends to Watch
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Top Mobile Security Stories of 2019
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
Facebook Security Debacles: 2019 Year in Review
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Biggest Malware Threats of 2019
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
Top 10 IoT Disasters of 2019
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.