Threat Post

ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.

Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.

Threatpost editors Tara Seals and Lindsey O'Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.

XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.

Two lawsuits are seeking class-action status, alleging that Amazon records children and stores their voiceprints indefinitely.

Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.

Traffic analysis sheds light on weekday habits of attackers such as the most likely day for attacks and how malicious infrastructure is shared.

Evernote's web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users.

The critical bug in a connected medical device can allow an attacker to remotely manipulate hospital pumps, either to withhold meds or dispense too much.

Durov took to Twitter to hint that Beijing tried to take Telegram offline to disrupt the Hong Kong protests.

A high-severity flaw could give attackers full control of Cisco routers or switches.

215 accounts use the same family of special URL shorteners to track the effectiveness of the operation.

Evite's data breach, stemming from an “inactive data storage file," is only one of many breaches to be disclosed this week.

An attacker can use Rowhammer attack to induce bit flips, thereby leaking the victim's secret data.

Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.

Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities.

The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers. 

In total, 88 unique vulnerabilities were patched as part of Microsoft’s June Patch Tuesday security bulletin.

Automatic invite notifications are spreading malicious links.

The two CVEs allow bypasses to get around NTLM relay attack mitigations.