News

Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.

Alibaba, Azure and more used for badness, warns infosec biz

Spammers are increasingly turning to common file-sharing and object storage services such as Google Drive and Microsoft Azure, in an attempt to evade ever-better corporate filters.…

Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions.

Engineers knew of problem in 2017. Management didn't until after fatal crash

As the 737 MAX scandal rolls on, "software delivered to Boeing" has been blamed by the company for the malfunctioning of a safety display.…

Quick-fire summary of the past few days of news

Roundup  Welcome back, Brits, from your three-day Bank Holiday week. Allow us to catch you up on recent infosec comings and goings.…

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.

The cutthroat world of children's food in the spotlight

After a year-long investigation, a top California exec has been arrested by the FBI for allegedly hacking into a competitor's website and stealing their customer data in an effort to ruin their business.…

Snowballing attacks using a recently patched critical bug show no sign of abating.

Cisco patches two high-severity bugs that could be exploited by remote attackers.

Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar.

The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.

A digital signing flaw killed add-ons for Firefox as well as Tor -- and no patch is yet available for Tor users.

Will connected devices be insecure forever? Or will legislation - such as the recent UK mandate announced this week - help boost IoT security?

Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind.

Short on concrete details but long on affirming cybersecurity skills as a critical piece of federal defense, the White House executive order aims to bolster the national cyber workforce.

Lets the President’s Cup Cybersecurity Competition begin! And may the odds be ever in your favor

"A year after the White House eliminated the position of cybersecurity coordinator, President Donald Trump called for everyone else to do the opposite and push cybersecurity coordination through worker training and recruitment."…

The Threatpost team breaks down the strangest security stories this week - from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million.

Sudden flurry of forum posts leaves a few clues

Programmers say they've been hit by ransomware that seemingly wipes their Git repositories' commits and replaces them with a ransom note demanding Bitcoin.…

Yes, yes, yes, we've told the ICO we are doing so, says HMRC

Her Majesty’s Revenue and Customs, aka the tax collector, has agreed to delete five million voice recordings it used to create biometric IDs.…

The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app.