Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.
US-CERT is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10.
A Pentagon contractor left 1.8 billion mostly benign, publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket.
With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and Christen Gentile are aboard for a memorable all-smiles podcast.
Hackers using specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library.
Amazon said it will offer a fix for its Amazon Key delivery service that allows hackers to tamper with a home security camera.
Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol.
The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.
Cisco Systems issued a patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday.
This month, Microsoft's Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chakra Core browser engine.
Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets, allowing phones to be rooted by an attacker with physical access to the device.
Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.
Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.
Phishing remains the biggest account takeover threat to Google users, surpassing keyloggers and credential leaks.
A new banking Trojan dubbed IcedID is being distributed by a seasoned cybergang or hacker targeting U.S. financial institutions.
IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduce the likelihood of antivirus software detection.
Threatpost editors Mike Mimoso and Tom Spring discuss the week's information security news.
Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.
Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks.