Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.”
Featured news
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More
Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 – from election security to remote work and the pandemic.
Garmin Pays Up to Evil Corp After Ransomware Attack — Reports
The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.
Editor's Picks
-
Podcast: Security Lessons Learned In Times of Uncertainty
-
Researchers Warn of High-Severity Dell PowerEdge Server Flaw
-
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
-
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
-
NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
Latest news
The flaws have been confirmed by Grandstream, but no firmware update has yet been issued.
Three have been charged in alleged connection with the recent high-profile Twitter hack – including a 17-year-old teen from Florida who is the reported “mastermind” behind the attack.
The corporate-travel leader has confirmed an attack that knocked systems offline.
Researchers uncovered a disinformation campaign aiming to discredit NATO via fake news content on compromised news websites.
Hackers “mislead certain employees” to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.
Most popular
-
Doki Backdoor Infiltrates Docker Servers in the Cloud
-
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
-
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More
-
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
-
Authorities Arrest Alleged 17-Year-Old ‘Mastermind’ Behind Twitter Hack
Newsmaker Interviews
-
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
-
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
-
Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware
-
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
-
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Most Recent ThreatLists
PodcastsView all
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More
Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 – from election security to remote work and the pandemic.
Podcast: Security Lessons Learned In Times of Uncertainty
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020.
News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags
Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.
Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware
An Android spyware attack was recently discovered that targeted the Uyghur ethnic minority group – since 2013.
A ‘New Age’ of Sophisticated Business Email Compromise is Coming
A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.
Podcast: Securing Railway Systems Against Hacks
Dr. Jesus Molina, director of Industrial IOT with Waterfall Security Solutions, discusses the security challenges facing rail networks and systems.
EvilQuest: Inside A ‘New Class’ of Mac Malware
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
News Wrap: Malicious Chrome Extensions Removed, CIA ‘Woefully Lax’ Security Policies Bashed
Insider threats, the CIA’s bad security policies, and malicious Chrome extensions were the topics of discussion during this week’s news wrap podcast.
VideosView all
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.
The Enemy Within: How Insider Threats Are Changing
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.
Fake Skype, Signal Apps Used to Spread Surveillanceware
Threat groups are increasingly relying on trojanized apps pretending to be legitimate – such as Skype or Signal – but are really spreading surveillanceware.
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.
Cloud Misconfig Mistakes Show Need For DevSecOps
Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
SlideshowView all
2020 Cybersecurity Trends to Watch
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Top Mobile Security Stories of 2019
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
Facebook Security Debacles: 2019 Year in Review
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Biggest Malware Threats of 2019
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
Top 10 IoT Disasters of 2019
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.