Threat Post

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.

Outdated security practices made it simple to access other people's receipts for everything from traffic tickets to paying bail.

The malicious spyware has also been found in use in countries known for targeting human rights.

The enemy within the enterprise is often employees who are either malicious or unwittingly allowing attackers inside a protected network.

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser.

The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.

The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they’re not based there.

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]

The threat group has racked up a list of victims including Feedify, Groopdealz and British Airways.

The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world.

The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.

The infosec community say California's IoT security bill is "nice," but doesn't hit on the important issues.

The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.

A flaw in Safari - that allows an attacker to spoof websites and trick victims into handing over their credentials - has yet to be patched.

Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years.

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter.

Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild.