Threatpost (@threatpost) / X

Threatpost

22.7K posts

Threatpost

@threatpost

Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.

Joined January 2009

Threatpost
@threatpost
Jul 12, 2019
#Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used. threatpost.com/google-home-re…
Threatpost
@threatpost
Apr 2, 2019
A white hat hacker reverse engineered 30 mobile financial applications and found sensitive #data buried in the underlying #code of nearly all apps examined. threatpost.com/financial-apps…
Threatpost
@threatpost
Apr 3, 2019
Breaking: Hundreds of millions of #Facebook records – including account names and plaintext #passwords – have been found in two separate publicly-exposed app datasets, researchers at @UpGuard found.
threatpost.com
Facebook Data, Passwords Exposed Again in Leaky Datasets
Researchers say that two publicly exposed dataset are leaking Facebook data- from user names to plaintext passwords.
Threatpost
@threatpost
Jun 19, 2019
#Mozilla released an emergency patch for a critical #Firefox flaw that is being actively exploited in targeted attacks.
threatpost.com
Mozilla Releases Emergency Patch for Firefox Zero Day
Mozilla is urging users to update to Firefox 67.0.3 and Firefox ESR 60.7.1 after discovering a critical flaw under active attack.
Threatpost
@threatpost
Jul 7, 2020
#Citrix warned of multiple #security flaws that could allow code injection and data theft - including four that are exploitable by unauthenticated, remote attackers.
threatpost.com
Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Admins should patch their Citrix ADC and Gateway installs immediately.
Threatpost
@threatpost
Sep 12, 2017
In in lieu of a patch... “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” bit.ly/2jhkqY6
Threatpost
@threatpost
Feb 20, 2019
Secure password firms (1Password, Dashlane, KeePass and LastPass) are blasting a #security report highlighting how the utilities can be cracked open to steal #passwords.
threatpost.com
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
Threatpost
@threatpost
Sep 12, 2020
This Office 365 #phishing attack leverages real-time Active Directory validation of credentials. #Office365
threatpost.com
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Threatpost
@threatpost
May 2, 2020
Two separate attacks have targeted as many as 50,000 different #Teams users, with the goal of phishing #Microsoft Office 365 logins. threatpost.com/microsoft-team…
Threatpost
@threatpost
Jul 10, 2019
The latest #iOS and Android versions of the FinSpy #malware have been deployed in the wild. The espionage tool can eavesdrop on Signal, Telegram and WhatsApp messages and calls.
threatpost.com
Latest FinSpy Modules Lift Data from Secure Messaging Apps
The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
Threatpost
@threatpost
Jul 8, 2020
15 billion usernames and #passwords are currently for sale on underground forums - over three times the number available two years ago. (via @DigitalShadows)
threatpost.com
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
Threatpost
@threatpost
Mar 19, 2019
Researchers have released a proof-of-concept showing how a XXE #security vulnerability can be exploited to attack #Ghidra project users.
threatpost.com
NSA’s Ghidra Reverse-Engineering Tool Can Be Used for RCE
Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.
Threatpost
@threatpost
Nov 16, 2018
A strange glitch in #Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them.
threatpost.com
Gmail Glitch Offers Stealthy Trick for Phishing Attacks
The issue comes from how Gmail automatically files messages into the "Sent" folder.
Threatpost
@threatpost
Aug 7, 2020
A ‘zero-click’ #MacOS exploit chain using #Microsoft Office macros was revealed at Black Hat.
threatpost.com
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.