Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.

A white hat hacker reverse engineered 30 mobile financial applications and found sensitive #data buried in the underlying #code of nearly all apps examined. threatpost.com/financial-app…
3
140
180
Breaking: Hundreds of millions of #Facebook records – including account names and plaintext #passwords – have been found in two separate publicly-exposed app datasets, researchers at @UpGuard found. threatpost.com/facebook-data…
7
211
154
#Citrix warned of multiple #security flaws that could allow code injection and data theft - including four that are exploitable by unauthenticated, remote attackers. threatpost.com/citrix-bugs-a…
3
107
136
In in lieu of a patch... “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” bit.ly/2jhkqY6
35
97
The latest #iOS and Android versions of the FinSpy #malware have been deployed in the wild. The espionage tool can eavesdrop on Signal, Telegram and WhatsApp messages and calls. threatpost.com/finspy-module…
2
62
70
15 billion usernames and #passwords are currently for sale on underground forums - over three times the number available two years ago. (via @digitalshadows) threatpost.com/15-billion-cr…
1
92
94
A monster #cyberattack on #SITA, a global IT provider for 90% of the world’s airline industry, is slowly unfurling to reveal the largest #SupplyChain attack on the #airline industry in history. #cybersecurity threatpost.com/supply-chain-…
2
56
87
A new hack, called PDFex, allows attackers to break the #encryption of PDF files and access content or forge signed #PDF files. threatpost.com/hack-breaks-p…
1
64
71
Top 2020 #security predictions: -Mobile will become a prime phishing attack vector -Hackers will increasingly employ machine learning in attacks -Cloud increasingly seen as fertile ground for compromise Add your own 2020 predictions in the comments ⤵️ threatpost.com/2020-cybersec…
12
68
75
The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption #security vulnerabilities. threatpost.com/critical-flaw…
1
72
73
WooCommerce #WordPress plugin, used by 28% of all online stores, patched against #XSS - bit.ly/2wkHoSN
51
57
Multiple zero-days in a Counter-Strike client were used to build a major #botnet - and almost 40 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious. threatpost.com/zero-days-cou…
45
73
The entire population of #Ecuador has been impacted by an open database on an unsecured server. Exposed data includes: -Full name -Date and place of birth -Home address -Cell phone numbers/emails -Taxpayer IDs -Marital status (Via @vpnmentor) threatpost.com/marketing-ana…
3
65
70
Two zero-day #security flaws have been uncovered in #Zoom’s macOS client version. The flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera. threatpost.com/two-zoom-zero…
1
75
66
A fake #Adobe update actually updates victims’ Flash Player – but also installs malicious #cryptomining malware. Researchers at @Unit42_Intel warned that the fake updates also borrow pop-up notifications from the official Adobe installer. threatpost.com/stealthy-fake…
1
193
58
Wireless #BlueBorne attacks target billions of #Bluetooth devices - bit.ly/2f2w3kt
1
104
66
#Cisco is warning of a critical #security flaw in the web server of its IP phones. An unauthenticated, remote attacker could exploit the flaw to execute code with root privileges or launch a DoS attack. threatpost.com/critical-cisc…
2
53
62
A new variant of the #Mirai IoT botnet is targeting wireless presentation systems and LG display systems used by enterprises. threatpost.com/mirai-enterpr…
1
73
64
#Apple has made Group FaceTime temporarily unavailable following a major flaw discovered on Monday evening that allows eavesdropping via #FaceTime. More to come soon on Threatpost.
3
80
61
A new self-propagating #malware, dubbed Lucifer, is targeting #Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. (via @Unit42_Intel) threatpost.com/self-propagat…
1
58
55
Unencrypted mobile traffic on #Tor network is leaking personal identifiable information, researchers say. That includes GPS coordinates, web addresses, phone numbers and keystrokes. threatpost.com/unencrypted-m…
1
64
58
Researchers are urging #Ring users to update to the latest version of the smart doorbell after a serious flaw triggered #privacy concerns. threatpost.com/ring-doorbell…
1
65
63
A threat actor known as “Sanix” was taken into custody, for allegedly posting 773 million e-mail addresses and 21 million passwords on a #hacker forum last year. #ICYMI threatpost.com/alleged-hacke…
1
38
57
Researchers are warning of a convincing #cyberattack that impersonates notifications from #Microsoft Teams in order to steal employee Office 365 credentials. threatpost.com/microsoft-tea…
2
67
57
"Basically, everything was pwned, from the LAN to the WAN." - bit.ly/2jhkqY6
14
35
A critical #Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A #security fix has been proposed but has not yet been incorporated into the Linux kernel. threatpost.com/critical-linu…
77
52
.@malware_traffic theorizes RATs becoming popular w/ campaign because more flexible than single-purpose ransomware: bit.ly/2ew3EmL
15
37
A database on #Apple’s macOS computers is storing emails, that are supposed to be protected with encryption, as readable files. It's a problem that the company has been aware for months - and still has yet to solve. threatpost.com/encrypted-ema…
1
62
53
A new #hacking technique used against vulnerable #MikroTik routers gives attackers the ability to execute remote code on affected devices. Researchers @TenableSecurity outlined the attack at #DerbyCon2018. threatpost.com/poc-attack-es…
59
54
A researcher found that phone numbers tied to #WhatsApp accounts are indexed publicly on #Google Search creating what he claims is a “privacy issue” for users. threatpost.com/whatsapp-phon…
49
47
"The problem is this green lock... It means the connection is encrypted, not that the content of the site is safe.” bit.ly/2rotZrI
2
58
51
An insidious #phishing method evades detection using a never-before-seen technique that leverages custom fonts, according to @proofpoint researchers. threatpost.com/phishing-cust…
50
53
Hackers take down @Adobe Reader, @Apple Safari, @Microsoft Edge + @Ubuntu at day one of #Pwn2Own 2017 - bit.ly/2mwUnbH #CanSecWest
1
50
53
Join our #WomenInSTEM webinar to learn more about why women are a crucial piece of the #cyber workforce puzzle. Threatpost will talk to Cynthia Brossman of @BU_Tweets about expanding female representation in the cyber workforce. Register now! bit.ly/2Pj4iQw
6
17
40
Researchers @_CPResearch_ identified a new class of #security vulnerabilities targeting SQLite, outside the context of a browser for the first time. #DEFCON27 threatpost.com/sqlite-exploi…
18
50