Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
https://threatpost.com/third-party-apis-enumeration-attacks/162589/
Hackers claim to have access to classified information linking the president to the origin of the coronavirus and criminal collusion with foreign actors.
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media gia...
https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/
Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.
https://threatpost.com/apt41-operatives-indicted-hacking/159324/
With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as th...
https://threatpost.com/2020-election-secure-vote-tallies-problem/158533/
CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another.
https://threatpost.com/threat-actors-introduce-unique-newbie-hacker-forum/157489/
Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.
https://threatpost.com/smartwatch-hack-could-trick-dementia-patients-into-overdosing/157352/
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
https://threatpost.com/new-ios-jailbreak-tool-works-on-iphone-models-ios-11-to-ios-13-5/156045/
Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.
APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.
https://threatpost.com/charming-kitten-uses-fake-interview-requests-to-target-public-figures/152628/
Hefty collection of U.S. and international payment cards from the incident revealed in December found up for sale on dark-web marketplace Joker’s Stash.
https://threatpost.com/wawa-breach-30-million-customers/152328/
Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.
https://threatpost.com/feds-5m-reward-evil-corp-dridex-hacker/150858/
Prosecution asks for imprisonment of the hacker who stole nude photos and other personal data from women’s iCloud accounts and then distributed some of the material online.
He and co-conspirators stole 50 gigs of music and leaked some of it onto the internet.
https://threatpost.com/austin-man-indicted-stealing-unreleased-music/150633/
White-hat hackers using never-before-seen zero days against popular applications and devices competed at a two-day gathering in Chengdu.
Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web.
https://threatpost.com/up-to-35-million-2018-voter-records-for-sale-on-hacking-forum/138295/
The DNC thwarts a phishing effort aimed at its voter database, days after Microsoft's Fancy Bear disruption and Facebook's efforts against Iranian propaganda.
https://threatpost.com/dnc-becomes-latest-target-in-series-of-election-season-attacks/136814/
Black Hat may be the benchmark signaling the end of security nihilism and snark, and a re-prioritization of energy toward the greater good.
https://threatpost.com/will-the-real-security-community-please-stand-up/127156/
Researchers find flaws in an internet-connected drill, but say minimal, hard-to-find bugs indicate there is hope for IoT security.
https://threatpost.com/internet-enabled-drill-demonstrates-iot-security-done-right/126408/
David Jacoby and Frans Rosén said at this year's Security Analyst Summit they offered companies free pen-testing and raised $15,000 for charity in the process.
https://threatpost.com/creating-a-more-altruistic-bug-bounty-program/124850/
Mike Mimoso and Chris Brook recap the second day of Kaspersky Lab's Security Analyst Summit, including how a Brazilian bank was compromised, and more.
https://threatpost.com/security-analyst-summit-2017-day-two-recap/124788/
Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.
https://threatpost.com/mozilla-patches-pwn2own-zero-day-in-firefox/124415/
Cris Thomas of Tenable Networks, aka Space Rogue of the L0pht, talks to Mike Mimoso during RSA Conference about the rhetoric and hype surrounding cyberwar, as well as a quick trip down memory lan...
https://threatpost.com/cris-thomas-on-cyberwar-rhetoric/123769/
Mike Mimoso talks to Marie Moe, a research scientist at SINTEF of Norway, about her personal and emotional connection to medical device security.
https://threatpost.com/marie-moe-on-medical-device-security/123049/
Mike Mimoso and Chris Brook discuss the news of the week, including this week's U.S. Senate Committee on Armed Services hearing, the Burlington Electric 'Hack', FireCrypt, and Security Without ...
https://threatpost.com/threatpost-news-wrap-january-6-2017/122914/
Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections.
https://threatpost.com/threatpost-news-wrap-november-18-2016/122044/
DARPA's Cyber Grand Challenge is set to culminate Thursday with a competition at DEF CON it's calling the CGC Final Event.
https://threatpost.com/bug-hunting-cyber-bots-set-to-square-off-at-def-con/119566/
A U.S. Federal Court sentenced Christopher Correa to almost four years in prison for hacking into a computer system that belongs to the Houston Astros.
https://threatpost.com/ex-cardinals-exec-sentenced-four-years-for-astros-hack/119358/
A Congressional report accuses China of hacking the FDIC and the agency of covering up the attacks.
https://threatpost.com/congressional-report-china-hacked-fdic-and-agency-covered-it-up/119276/
Threatpost editor Mike Mimoso talks to Chris Valasek, Security Lead, Uber ATC, about the talk he and Charlie Miller gave at RSA, hacking cars, the challenges around getting manufacturers to patch...
https://threatpost.com/chris-valasek-talks-car-hacking-and-more/116763/
Mike Mimoso and Chris Brook recap RSA 2016, the pervasiveness of the FBI vs. Apple debate, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea.
https://threatpost.com/threatpost-news-wrap-march-4-2016/116591/
A panel at RSA Conference on appropriate responses to state-sponsored espionage of intellectual property for economic gain served as a reminder of the dangers of hacking back.
https://threatpost.com/gentle-reminder-at-rsa-hacking-back-is-a-bad-idea/116564/
IOActive report claims SimpliSafe’s popular wireless home security system is vulnerable to hackers who can record and reuse PIN entries to disarm the alarm.
https://threatpost.com/hack-disarms-simplisafes-home-wireless-security-systems/116334/
Researchers from MalCrawler built a honeypot mimicking an energy management system at the heart of a power grid, exposing attackers’ behavior once they have access to critical infrastructure sy...
https://threatpost.com/power-grid-honeypot-puts-face-on-attacks/116217/
General Motors' new vulnerability disclosure program does not come with a monetary reward, but the automaker promises not to sue researchers looking for flaws in its products and services.
https://threatpost.com/gm-vulnerability-disclosure-program-lacks-rewards/115831/
Facebook is at odds with a security researcher over a number of Instagram vulnerabilities that allowed the researcher to access SSL and other private keys, as well as user and employee data.
https://threatpost.com/facebook-researcher-spar-over-instagram-vulnerabilities/115658/
The U.S. government is purportedly readying economic sanctions against China and is prepared to call out several Chinese companies and individuals for cyber espionage.
https://threatpost.com/in-wake-of-cyberattacks-u-s-readies-sanctions-against-china/114481/
Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secu...
Authorities from six different nations worked on Tuesday to apprehend 49 suspects connected with carrying out a complex phishing scheme dubbed Operation Triangle.
https://threatpost.com/49-arrested-in-operation-triangle-phishing-campaign/113275/
The Federal Reserve Bank of St. Louis confirmed this week that it fell victim to a DNS hijack last month that may have redirected users to bogus webpages and exposed customers to phishing, malwar...
https://threatpost.com/st-louis-federal-reserve-falls-victim-to-dns-hijack/112896/