Threatpost

Threatpost The First Stop for Security News Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.

Join us on Monday for: Security Innovation: Secure Systems Start with Foundational Hardwarehttps://bit.ly/3ywedfM
08/07/2022

Join us on Monday for: Security Innovation: Secure Systems Start with Foundational Hardware

https://bit.ly/3ywedfM

LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of a dynamic threat landscape and what Intel Security learned from their latest study in partnership with Ponemon Institue.

yay or nay? Weigh in during our upcoming roundtable on lessons learned from and how to prepare for future attacks....
08/03/2022

yay or nay? Weigh in during our upcoming roundtable on lessons learned from and how to prepare for future attacks. Register now for the free event on Thursday, March 10 at 2PM ET https://bit.ly/3ptX9ln

Register NOW for this LIVE event to learn why the Log4j vulnerability is so severe and easy steps you can take to mitigate your risk.

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny ...
03/03/2022

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny T***a, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

https://threatpost.com/russia-leaks-data-thousand-cuts-podcast/178749/

It’s not just Ukraine: There's a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny T***a, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

Log4j Exploit: Lessons Learned and Risk Reduction Best Practices —Register NOW for this LIVE event on Thursday, March 10...
03/03/2022

Log4j Exploit: Lessons Learned and Risk Reduction Best Practices —
Register NOW for this LIVE event on Thursday, March 10 at 2PM ET to learn why the vulnerability remains so severe and what the easy steps are to mitigate risk. Join Threatpost's Becky Bracken in conversation with Justin Young from Sonatype

https://bit.ly/3IwGoxs

Register NOW for this LIVE event to learn why the Log4j vulnerability is so severe and easy steps you can take to mitigate your risk.

Join our upcoming cybersecurity event on keeping your organization's secrets safe. Register for the free, live roundtabl...
18/02/2022

Join our upcoming cybersecurity event on keeping your organization's secrets safe. Register for the free, live roundtable on 2-23 at 2pm ET and submit your questions ahead of time. Sponsored by Keeper Security.

Register NOW for this LIVE event to learn what the pitfalls of insecure cloud data is, how to lock secrets down and thwart attacks.

We're looking for cybersecurity pros to join our live roundtable event all about finding and securing your organization'...
18/02/2022

We're looking for cybersecurity pros to join our live roundtable event all about finding and securing your organization's most valuable data. Register now for this free roundtable event below. Sponsored by Keeper Security.

https://bit.ly/3rHbEnu

Register NOW for this LIVE event to learn what the pitfalls of insecure cloud data is, how to lock secrets down and thwart attacks.

Check the forecast for cloud security in 2022 and cut your chances of being caught in the middle of a storm. # https...
17/02/2022

Check the forecast for cloud security in 2022 and cut your chances of being caught in the middle of a storm. #

https://bit.ly/3gR4rLm

Stay ahead of learning what the emerging cloud trends are for defenders and attackers. Get the whole story and download this FREE eBook today!

Not the chips! Maker behind chip brands Popchips, Tyrrell's and others hit with which could delay deliveries to retail...
03/02/2022

Not the chips! Maker behind chip brands Popchips, Tyrrell's and others hit with which could delay deliveries to retailers through March.

The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening supermarket shelves that could stay empty for weeks.

Wearable medical devices put patients at risk of tracking, data theft, Kaspersky researchers found — including devices f...
03/02/2022

Wearable medical devices put patients at risk of tracking, data theft, Kaspersky researchers found — including devices from Fitbit, Apple and Samsung.

Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn.

Running Saba for file sharing? You're gonna need to patch that.
02/02/2022

Running Saba for file sharing? You're gonna need to patch that.

The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.

Nifty Penguin Magic (npm) JavaScript repository turns out to be a great way to deliver malicious code for and more....
02/02/2022

Nifty Penguin Magic (npm) JavaScript repository turns out to be a great way to deliver malicious code for and more. https://threatpost.com/malicious-npm-packages-web-apps/178137/

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.

Charming Kitten APT back with new tools, likely eyeing bigger targets, Cybereason researchers say.
02/02/2022

Charming Kitten APT back with new tools, likely eyeing bigger targets, Cybereason researchers say.

The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.

Group is using Windows Update to spray malware in a campaign powered by a GitHub C2 server, Malwarebytes Labs research...
28/01/2022

Group is using Windows Update to spray malware in a campaign powered by a GitHub C2 server, Malwarebytes Labs researchers have found.

The APT is (again) dangling job opportunities in front of engineers in a spear-phishing campaign. This time, the North Korean APT was masquerading as Lockheed Martin לוקהיד מרטין ישראל recruiters.

https://threatpost.com/lazarus-apt-windows-update-malware-github/178096/

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.

’s payout is (temporarily) up to $400K: Not surprising, given Trustwave SpiderLabs’ discovery of a new way to bypass an...
28/01/2022

’s payout is (temporarily) up to $400K: Not surprising, given Trustwave SpiderLabs’ discovery of a new way to bypass an security feature to dump malicious links into victims' laps.

https://threatpost.com/zerodium-payout-outlook-zero-days/178089/

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

The malicious 2FA app was finally yanked from Google Play, but not before being downloaded >10K times. It came loaded wi...
28/01/2022

The malicious 2FA app was finally yanked from Google Play, but not before being downloaded >10K times. It came loaded with the stealer malware that swoops down on financial data. Report from .
https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been...
28/01/2022

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled. Thanks for the input, .
https://threatpost.com/conti-deadbolt-delta-qnap-ransomware/178083/

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.

& Cofense researchers separately spotted threat actors increasingly using scams that spoof package couriers like DHL o...
27/01/2022

& Cofense researchers separately spotted threat actors increasingly using scams that spoof package couriers like DHL or the USPS in authentic-looking phishing emails.
https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Address


Website

Alerts

Be the first to know and let us send you an email when Threatpost posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Threatpost:

Videos

Emotet’s Takedown: Have We Seen the Last of the Malware?
Emotet’s Takedown: Have We Seen the Last of the Malware?

How were the recent law enforcement actions against #Emotet and #Trickbot different? Sherrod DeGrippo with Proofpoint, who has been tracking both malware families for years, explains. https://threatpost.com/emotets-takedown-have-we-seen-the-last-of-the-malware/163636/

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

#Healthcare cyberattacks will continue to dominate top #security trends this year as cybercriminals plan opportunistic hacks on hospitals. Listen to Threatpost editors' top predictions for 2021 during our podcast. https://threatpost.com/2021-solarwinds-fallout-shifting-ciso-budgets/162897/

How the Pandemic is Reshaping the Bug-Bounty Landscape
How the Pandemic is Reshaping the Bug-Bounty Landscape

Casey Ellis, founder and CTO of Bugcrowd, said that COVID-19’s far-reaching imoact - including increasing the acceptance of remote work, pushing more users to digital platforms and other aspects - are creating unanticipated new trends for bug-bounty platforms. What do you think?

Cybercriminals Step Up Their Game Ahead of U.S. Elections
Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar with Akamai talks about his craziest stories over the years finding vulnerabilities - including accidentally throwing a wrench in a demo of the Aegis destroyer class ship for a Navy Admiral.

Critical Industrial Flaws Pose Patching Headache For Manufacturers
Critical Industrial Flaws Pose Patching Headache For Manufacturers

When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates, explains Claroty's Sharon Brizinov.

A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

The banking trojan Emotet has returned after a five-month hiatus - But one cyber vigilante is thwarting the malware’s comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with whimsical GIFs and memes.

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

Erez Yalon, the director of security research with Checkmarx, talks about critical flaws in the popular Meetup platform that were revealed as part of research unleashed at this week’s Black Hat USA 2020.

Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More

Despite COVID-19 pushing Black Hat USA virtual for the first time, you can still expect a steady stream of new security research. Learn more about the conference's hottest topics during our official preview podcast.

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Proposed legislation like the EARN IT Act and the Lawful Access to Encrypted Data Act are a "full frontal nuclear assault" on encryption and privacy, said Riana Pfefferkorn, associate director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society.

Troves of Zoom Credentials Shared on Hacker Forums
Troves of Zoom Credentials Shared on Hacker Forums

Underground forums are abuzz with discussions about obtaining – and leveraging – credentials for Zoom, Webex and other web conferencing systems. Etay Maor with IntSights talks about what he's seeing.

News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security
News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security

#Nintendo has confirmed that more than 160,000 accounts have been hacked. Tune in to the Threatpost news wrap #podcast to hear more.

Shortcuts

  • Address
  • Alerts
  • Contact The Business
  • Videos
  • Claim ownership or report listing

  • Want your business to be the top-listed Media Company?

Share