Threatpost

Featured news

International Authorities Take Down Flubot Malware Network

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

Cybercriminals Expand Attack Radius and Ransomware Pain Points

by Threatpost

June 2, 2022

Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of “triple extortion” ransomware attacks.

Scammers Target NFT Discord Channel

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Latest news

The Challenge Digital Executive Protection Poses to Enterprise Security Teams

June 2, 2022

CISOs do heroic work protecting their executives when inside the organization’s four walls. But risks originating in personal digital lives present a challenge that enterprise security teams cannot solve, even if they wanted to.

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

by Sagar Tiwari

May 31, 2022

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

by Elizabeth Montalbano

May 31, 2022

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

by Sagar Tiwari

May 30, 2022

Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.

Critical Flaws in Popular ICS Platform Can Trigger RCE

by Elizabeth Montalbano

May 27, 2022

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

PodcastsView all

Staff Think Conti Group Is a Legit Employer – Podcast

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

Multi-Ransomwared Victims Have It Coming–Podcast

Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

Russia Leaks Data From a Thousand Cuts–Podcast

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

The State of Secrets Sprawl – Podcast

In this podcast, we dive into the 2022 edition of the State of Secrets Sprawl report with Mackenzie Jackson, developer advocate at GitGuardian. We talk issues that corporations face with public leaks from groups like Lapsus and more, as well as ways for developers to keep their code safe.

Cyberattackers Put the Pedal to the Medal: Podcast

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

MacOS Malware: Myth vs. Truth – Podcast

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.

Top 3 Attack Trends in API Security – Podcast

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

Staff Think Conti Group Is a Legit Employer – Podcast

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

Multi-Ransomwared Victims Have It Coming–Podcast

Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

Russia Leaks Data From a Thousand Cuts–Podcast

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

The State of Secrets Sprawl – Podcast

In this podcast, we dive into the 2022 edition of the State of Secrets Sprawl report with Mackenzie Jackson, developer advocate at GitGuardian. We talk issues that corporations face with public leaks from groups like Lapsus and more, as well as ways for developers to keep their code safe.

Cyberattackers Put the Pedal to the Medal: Podcast

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

MacOS Malware: Myth vs. Truth – Podcast

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.

Top 3 Attack Trends in API Security – Podcast

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

Staff Think Conti Group Is a Legit Employer – Podcast

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

Multi-Ransomwared Victims Have It Coming–Podcast

Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

Russia Leaks Data From a Thousand Cuts–Podcast

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

View all podcasts

VideosView all

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

Lyceum APT Returns, This Time Targeting Tunisian Firms

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.

National Surveillance Camera Rollout Roils Privacy Activists

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

Malware Gangs Partner Up in Double-Punch Security Threat

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.

How Email Attacks are Evolving in 2021

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

Lyceum APT Returns, This Time Targeting Tunisian Firms

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.

National Surveillance Camera Rollout Roils Privacy Activists

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

Malware Gangs Partner Up in Double-Punch Security Threat

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.

How Email Attacks are Evolving in 2021

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

View all videos

SlideshowView all

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

2018: A Banner Year for Breaches

A look back at the blizzard of breaches that made up 2018.

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Facebook Security Debacles: 2019 Year in Review

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

Biggest Malware Threats of 2019

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

Top 10 IoT Disasters of 2019

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

2018: A Banner Year for Breaches

A look back at the blizzard of breaches that made up 2018.

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Facebook Security Debacles: 2019 Year in Review

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

Biggest Malware Threats of 2019

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

Top 10 IoT Disasters of 2019

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.