The contractor with whom it shared the data has a vulnerable, unpatched network.
Four have been arrested in the case.
Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition.
Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and security issues.
Users of the open-source project should upgrade immediately.
Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.
The unpatched vulnerabilities exist in 20 products made by the popular medical device manufacturer Medtronic, including defibrillators and home patient monitoring systems.
The plugin, Social Warfare, is no longer listed after a cross-site scripting flaw was found being exploited in the wild.
On the first day of Pwn2Own 2019, hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.
Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
Until a report this week, use of Uber's Surfcam was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it is "spyware."
A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.
Some of the flaws would allow remote code execution.
Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
The First Stop For Security News. Subscribe to Threatpost feed
- Debian Security Advisory 4416-1
- Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection
- WordPress Plugins Open Redirection 2019/03/25
- Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection
- WordPress Themes Open Redirection 2019/03/22
- Matri4Web Matrimony Web Script SQL Injection
- Red Hat Security Advisory 2019-0633-01
- Sourcetree Git Arbitrary Code Execution / URL Handling
- Bootstrapy CMS SQL Injection
- The Company Business Website CMS SQL Injection
- FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors
- Spycams Secretly Live-Streamed 1,600 Motel Guests
- Firefox and Edge Fall to Hackers on Day Two of Pwn2Own
- Google Play Touts Certs in Quest For Enterprise Security
- Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
- Drones are Quickly Becoming a Cybersecurity Nightmare
- Medtronic Defibrillators Have Critical Flaws, Warns DHS
- WordPress Plugin Patched After Zero Day Discovered
- Hackers Take Down Safari, VMware and Oracle at Pwn2Own
- Facebook Stored Passwords in Plain Text For Years