Threat Post

FTC Cracks Down on Stalkerware With Retina-X App Bans

Threat Post - Tue, 10/22/2019 - 4:05pm
The FTC has banned the sale of three apps - marketed to monitor children and employees - unless the developers can prove that the apps will be used for legitimate purposes.
Categories: Threat Post

Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing

Threat Post - Tue, 10/22/2019 - 3:44pm
The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.
Categories: Threat Post

No ‘Silver Bullet’ Fix for Alexa, Google Smart Speaker Hacks

Threat Post - Tue, 10/22/2019 - 1:13pm
Karsten Nohl, who was behind this week's research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Categories: Threat Post

Magecart 5 Linked to Carbanak Gang

Threat Post - Tue, 10/22/2019 - 11:11am
The Magecart splinter group known for supply-chain attacks appears to be tied to advanced threat actors.
Categories: Threat Post

Three Service Account Secrets Straight from Hackers and Security Pros

Threat Post - Tue, 10/22/2019 - 9:00am
A survey of nearly 300 Black Hat conference attendees this year showed strong agreement that service accounts are an attractive target.
Categories: Threat Post

Cynet’s free vulnerability assessment offering helps organizations significantly increase their security

Threat Post - Tue, 10/22/2019 - 9:00am
By monitoring their environment, companies can be ready to take action if any weakness – usually a software vulnerability – is found.
Categories: Threat Post

Survey Finds People are Privacy Hypocrites

Threat Post - Tue, 10/22/2019 - 8:27am
A report by HP found that most people admit to looking at others’ computer screens and documents in the workplace while still keeping their own privacy top of mind.
Categories: Threat Post

Gustuff Android Banker Switches Up Technical Approach

Threat Post - Mon, 10/21/2019 - 4:41pm
A host of new features have been added to the malware.
Categories: Threat Post

U.S. Government, Military Personnel Data Leaked By Autoclerk

Threat Post - Mon, 10/21/2019 - 3:36pm
The travel reservation data, along with personal details, of hundreds of thousands was discovered in a database exposed online for all to see.
Categories: Threat Post

Turla Compromises, Infiltrates Iranian APT Infrastructure

Threat Post - Mon, 10/21/2019 - 1:52pm
The Russian-speaking APT stole the Neuron and Nautilus implants and accessed the Iranian APT's C2 infrastructure.
Categories: Threat Post

Avast Network Breached As Hackers Target CCleaner Again

Threat Post - Mon, 10/21/2019 - 11:33am
Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack.
Categories: Threat Post

New Way Found to Use Alexa, Google to ‘Voice Phish’ and Eavesdrop on Users

Threat Post - Mon, 10/21/2019 - 7:03am
Developer interfaces used by Security Research Labs researchers to turn digital home assistants into ‘Smart Spies’.
Categories: Threat Post

Microsoft Tackles Election Security with Bug Bounties

Threat Post - Fri, 10/18/2019 - 4:04pm
Researchers can earn up to $15,000, depending on the severity of the bug found.
Categories: Threat Post

Execs Could Face Jail Time For Privacy Violations

Threat Post - Fri, 10/18/2019 - 3:01pm
The bill is a direct shot at big tech companies like Facebook as senators try to reel in data-collection policies.
Categories: Threat Post

Major Airport Malware Attack Shines a Light on OT Security

Threat Post - Fri, 10/18/2019 - 11:59am
A cryptomining infection spread to half of the workstations at a major international airport.
Categories: Threat Post

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

Threat Post - Fri, 10/18/2019 - 11:55am
A patch is currently under revision but has not yet been incorporated into the Linux kernel.
Categories: Threat Post

Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent

Threat Post - Fri, 10/18/2019 - 10:04am
At what point will infiltrating companies via the "insider threat model" become less costly and difficult than using malware? Threatpost discusses with a SolarWind expert.
Categories: Threat Post

Zappos Offers Users 10% Discount in 2012 Breach Settlement

Threat Post - Fri, 10/18/2019 - 8:18am
Lawyers will get $1.6 million in a settlement that stems from a breach that affected more than 24 million customers.
Categories: Threat Post

Phorpiex Botnet Shifts Gears From Ransomware to Sextortion

Threat Post - Thu, 10/17/2019 - 4:17pm
A decade-old botnet is using infected computers to send out sextortion emails, in a wide-scale campaign with the potential to reach millions of victims.
Categories: Threat Post

Hacking Back? BriansClub Dark Web Attack a Boon for Banks

Threat Post - Thu, 10/17/2019 - 1:28pm
The theft of 26 million card records from an underground site offers valuable intel for banks.
Categories: Threat Post