Report: Most Popular Home Routers Have ‘Critical’ Flaws
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
Featured news
Microsoft Warns on OAuth Attacks Against Cloud App Users
1
Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise.
Joker Android Malware Dupes Its Way Back Onto Google Play
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
Zoom Zero-Day Allows RCE, Patch on the Way
Researchers said that the issue is only exploitable on Windows 7 and earlier.
Editor's Picks
-
Android Users Hit with ‘Undeletable’ Adware
-
Microsoft Releases Emergency Security Updates for Windows 10, Server
-
CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
-
REvil Ransomware Gang Adds Auction Feature for Stolen Data
-
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Latest news
Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings.
Starting in August Google is banning ads of products or services promoting stalkerware.
Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.
The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.
Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.
Most popular
-
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
-
BlueLeaks Server Seized By German Police: Report
-
Zoom Zero-Day Allows RCE, Patch on the Way
-
Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks
-
BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges
Newsmaker Interviews
Most Recent ThreatLists
-
Trojans, Backdoors and Droppers: The Most-Analyzed Malware
-
ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It
-
70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
-
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel
-
ThreatList: Skype-Themed Apps Hide a Raft of Malware
PodcastsView all
Podcast: Securing Railway Systems Against Hacks
Dr. Jesus Molina, director of Industrial IOT with Waterfall Security Solutions, discusses the security challenges facing rail networks and systems.
EvilQuest: Inside A ‘New Class’ of Mac Malware
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
News Wrap: Malicious Chrome Extensions Removed, CIA ‘Woefully Lax’ Security Policies Bashed
Insider threats, the CIA’s bad security policies, and malicious Chrome extensions were the topics of discussion during this week’s news wrap podcast.
Podcast: Would You Use A Contact-Tracing Coronavirus App?
Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health?
News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate
Threatpost editors discuss debunked reports of a Minneapolis police department breach and Zoom announcing only paying users would get end-to-end encryption.
Podcast: Why Identity Access Management is the New Perimeter
DivvyCloud discusses the changing nature of identity access management (IAM) – and what kind of challenges and opportunities that is creating for businesses.
Verizon DBIR: Web App Attacks and Security Errors Surge
Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year’s Data Breach Investigations Report.
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.
VideosView all
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.
Fake Skype, Signal Apps Used to Spread Surveillanceware
Threat groups are increasingly relying on trojanized apps pretending to be legitimate – such as Skype or Signal – but are really spreading surveillanceware.
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.
Cloud Misconfig Mistakes Show Need For DevSecOps
Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
Chris Eng: Patch Management Challenges Drive ‘Security Debt’
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.
Cobalt Ulster Strikes Again With New ForeLord Malware
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks’ Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
Forrester: Keeping Smart Cities Safe From Hacks
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.
Patrick Wardle: Apple Devices Hit With Recycled macOS Malware
Patrick Wardle talks about the biggest threats he’s seeing impacting Apple devices.
SlideshowView all
2020 Cybersecurity Trends to Watch
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Top Mobile Security Stories of 2019
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
Facebook Security Debacles: 2019 Year in Review
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Biggest Malware Threats of 2019
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
Top 10 IoT Disasters of 2019
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
2019 Malware Trends to Watch
Here are 10 top malware trends to watch for in the New Year.
Top 2018 Security and Privacy Stories
The top cybersecurity and privacy trends that biggest impact in 2018.
2019: The Year Ahead in Cybersecurity
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
2018: A Banner Year for Breaches
A look back at the blizzard of breaches that made up 2018.