The First Stop For Security News
Updated: 41 min 47 sec ago
Why many attack techniques can be reused – but organizations can't defend against them.
The duo are convicted of infecting 400,000 computers in the U.S. with malware and scamming victims out of millions of dollars.
The custom malware is a spy tool and can also disrupt processes at U.S. assets.
Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.
Convincing phishing pages and millions of suspicious apps are plaguing tax season.
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news.
Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings.
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats.
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016.
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit.
The SneakyPastes campaign was highly effective but hardly advanced.
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years.
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.
The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint.
The challenge for most enterprises is that the demand for software is so high that traditional development teams often can’t keep up.
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.
Flowershop, Equation, Flame and Duqu appear to have a hand in the different phases of Stuxnet development, all working as part of an operation active as early as 2006.
An underground marketplace is selling tens of thousands of compromised digital identities, paving the way for cybercriminals to commit online fraud.