D-Link, Dasan Routers Under Attack In Yet Another Assault
Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.
Featured news
Chinese Hackers Mount Espionage Campaign During Trump-Putin Summit
An uncharacteristic spate of strikes against IoT devices in Finland during the summit was likely an indicator of a coordinated cyberespionage effort, researchers said.
IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims
Two vulnerabilities were discovered on Dongguan Diqee-branded vacuum cleaners, Thursday.
GangWang GPS Navigation Attack Leads Unsuspecting Drivers Astray
In a stalking or random criminal scenario, the ability to guide someone to an out-of-the-way, isolated location could be a precursor to kidnapping or worse.
Editor's Picks
Latest news
Hundreds of thousands of emails are delivering weaponized PDFs containing malicious SettingContent-ms files.
Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.
Criminals have found a mischievous way to mine cryptocurrency. Security researcher Troy Mursch sounds off on why this tricky trend isn’t going away anytime soon.
Airport TSA agents don’t check terminals for insecure WiFi networks, so stay on your toes when using hotspots at these airports.
An uncharacteristic spate of strikes against IoT devices in Finland during the summit was likely an indicator of a coordinated cyberespionage effort, researchers said.
Newsmaker Interviews
-
Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away
-
Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race
-
Newsmaker Interview: Scott Helme on Securing the Web
-
Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes
-
Newsmaker Interview: VDOO CEO Talks Top IoT Threats
Most Recent ThreatLists
-
ThreatList: A Ranking of Airports By Riskiest WiFi Networks
-
ThreatList: Sizing Up The Scourge of Credential-Stuffing
-
ThreatList: Popular Apps Get Enterprise Blacklisted
-
ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities
-
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat
PodcastsView all
Newsmaker Interview: Marten Mickos on the Future of Bug Bounty
Mickos sat down with Threatpost’s Lindsey O’Donnell to talk about bug bounty program opportunities, challenges, and ultimately how programs are evolving.
Podcast: The Growing Social Media Threat Landscape
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast.
Threatpost News Wrap Podcast for June 8
Threatpost editors discuss the stories behind the biggest news that broke this week.
Podcast: How Cities Can Be Security Smart
Threatpost talks to Tenable CTO Renaud Deraison about the security risks behind smart cities.
Threatpost News Wrap Podcast for May 18
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news.
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.
A Look Inside: Bug Bounties and Pen Testing
Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies.
Podcast: Why Manufacturers Struggle To Secure IoT
Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices.
Podcast: How Millions of Apps Leak Private Data
Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
VideosView all
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics.
The ‘Perfect Storm’ of Disinformation and Hacking
Matt Tait gives a list of examples throughout history where politically motivated groups have used disinformation and hacking as part of a campaign to shape public opinion.
Cisco Warns of Critical Flaw in Voice OS-based Products
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
iOS 10 Passcode Bypass Can Access Photos, Contacts
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
BASHLITE Family Of Malware Infects 1 Million IoT Devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say.
SlideshowView all
Slideshow: Scenes from Black Hat USA 2013
Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.
More from CanSecWest 2013
Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett
Ryan McGeehan and Chad Greene
Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.
Stefan Esser
Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further.
Chaouki Bekrar
The team from French research firm VUPEN, including CEO Chaouki Bekrar, has dominated the Pwn2Own hacking contest, taking down several targets, including Internet Explorer 10, Java and Mozilla Firefox. They plan to attack Adobe Flash on Thursday.
Mudge on the CFT
Peiter Zatko, also known as Mudge, has run the DARPA Cyber Fast Track program for the last three years, but he said that the researcher program is ending on April 1. The CFT program funded a wide range of security research projects in its time, including Charlie Miller’s NFC work and Moxie Marlinspike’s Convergence system.
Vancouver, British Columbia
The CanSecWest conference in Vancouver attracts some of the top security researchers from around the world each year.
More from the Kaspersky Lab/Threatpost Security Analyst Summit
Chris Soghoian on Wireless Carriers and Android SecurityPartial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo
ICS Security From the Trenches Speakers Billy Rios and Terry McCorkle
Billy Rios, left, and Terry McCorkle gave details on a new zero-day vulnerability they found in the Tridium Niagara software platform.