Justice Department Indicts 12 Russian Nationals Tied to 2016 Election Hacking
Indictments are part of special counsel Robert Mueller’s investigation of Russian interference in the 2016 elections.
Featured news
Sextortionists Shift Scare Tactics to Include Legit Passwords
The scam emails offer, as proof of compromise, a password associated with the target’s online accounts.
Hacker Compromises Air Force Captain to Steal Sensitive Drone Info
The thief also had a second dataset, including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course and documentation on improvised explosive device (IED) mitigation tactics.
Indian iPhone Spy Campaign Used Fake MDM Platform
Cyberattackers have used a bogus mobile device management (MDM) system to target a small – but presumably high-value – set of iPhones in India in a cyberespionage campaign that has some unusual hallmarks.
Editor's Picks
-
Apple OS Update Lifts Curtain on iPhone USB Restricted Mode
-
Polar Fitness App Exposes Location of ‘Spies’ and Military Personnel
-
Samsung Investigates Claims of Spontaneous Texting of Images to Contacts
-
Bug Bounty Programs Turn Attention to Data Abuse
-
WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches
Latest news
Indictments are part of special counsel Robert Mueller’s investigation of Russian interference in the 2016 elections.
Cyberattackers have used a bogus mobile device management (MDM) system to target a small – but presumably high-value – set of iPhones in India in a cyberespionage campaign that has some unusual hallmarks.
HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased.
The scam emails offer, as proof of compromise, a password associated with the target’s online accounts.
In this InfoSec Insider, Tim Bandos looks at why network admins will want to keep a close watch on network traffic within the enterprise.
Newsmaker Interviews
Most Recent ThreatLists
-
ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities
-
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat
-
ThreatList: Virtualization-related Bug Reports Jump 275 Percent in 2018
-
ThreatList: Biggest Cybercrime Developments in 2018, So Far
-
ThreatList: Exploit Kits Still a Top Web-based Threat
PodcastsView all
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Mickos sat down with Threatpost’s Lindsey O’Donnell to talk about bug bounty program opportunities, challenges, and ultimately how programs are evolving.
Podcast: The Growing Social Media Threat Landscape
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast.
Threatpost News Wrap Podcast for June 8
Threatpost editors discuss the stories behind the biggest news that broke this week.
Podcast: How Cities Can Be Security Smart
Threatpost talks to Tenable CTO Renaud Deraison about the security risks behind smart cities.
Threatpost News Wrap Podcast for May 18
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news.
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.
A Look Inside: Bug Bounties and Pen Testing
Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies.
Podcast: Why Manufacturers Struggle To Secure IoT
Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices.
Podcast: How Millions of Apps Leak Private Data
Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
VideosView all
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
iOS 10 Passcode Bypass Can Access Photos, Contacts
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
BASHLITE Family Of Malware Infects 1 Million IoT Devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say.
SlideshowView all
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo
ICS Security From the Trenches Speakers Billy Rios and Terry McCorkle
Billy Rios, left, and Terry McCorkle gave details on a new zero-day vulnerability they found in the Tridium Niagara software platform.