Phishing emails target a bank's users with malware - and make their landing page look more legitimate with fake Google reCAPTCHAs.
Threatpost talks to HackerOne CEO Marten Mickos on the EU's funding of open source bug bounty programs, how a company can start a program, and the next generation of bounty hunters.
From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week's biggest news stories.
Adobe has issued yet another patch for a critical vulnerability in its Acrobat Reader - a week after the original fix.
Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.
An ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simply - but effective - malware.
GitHub is offering unlimited rewards for critical vulnerabilities - and has added "safe harbor" terms to its bug bounty program.
The eight apps were secretly stealing victims' CPU power to mine for Monero.
Researchers warn that the phishing campaign looks "deceptively realistic."
A Threatpost poll found that 52 percent don't feel prepared to prevent a mobile security incident from happening. The results reflect a challenging mobile security landscape.
The dating site said users' names and email addresses that were added to the system prior to May 2018 may be impacted.
Google Play said that app suspensions increased by 66 percent in 2018 on its platform.
There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories..
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.
Hackers up to 100 meters away could take over Xiaomi M365 scooters to brake or accelerate them.
From spyware to leaky apps, mobile devices are facing a heightened level of threats. Are we prepared to secure them?
The zero-day flaw in Adobe Reader DC could allow bad actors to steal victims’ NTLM hashes.
A fake MetaMask app is the first instance of this new type of cryptocurrency stealer appearing outside of shady third-party app stores.
Google's Adiantum boosts encryption for low-end devices with processors that do not have hardware support for AES.
A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched.
Apple's iOS 12.1.4 fixes a FaceTime bug that made headlines last week.
Up to eight airlines do not encrypt e-ticketing booking systems - leaving personal customer data open for the taking.
A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.
A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.
Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.
Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.
The decorating website said that account usernames, passwords and more have been compromised as part of a breach.
From Facebook's research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.
Facebook is continuing to crack down on misinformation, political meddling, and "coordinated inauthentic behavior" on its platform.
The Department of Justice is looking to dismantle the Joanap botnet, which has been built and controlled by North Korea-linked hackers since 2009.
A day after Facebook was dinged for shady iOS distribution techniques of its data-collecting research app, Google was discovered using the same methods for its own app.
A newly discovered malware steals cookies, credentials and more to break into victims' cryptocurrency exchange accounts.
Another one of Facebook's apps has been banned from Apple's ecosystem due to the level of data that it collects and how it was distributed.
Firefox 65 rolls out new redesigned privacy controls as part of Mozilla's anti-tracking promise.
The bug allows iPhone users to FaceTime other iOS users and eavesdrop on their conversations - even when the other end of the line doesn't pick up.
A report found that a dozen connected devices are open to several security and privacy issues.
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.
Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware.
Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted.
An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.
The patches are part of Adobe's second unscheduled update this month.
Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.
Threatpost editors break down the top headlines from the week ended Jan. 18.
Twitter has fixed the issue, which has been ongoing since 2014.
Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.
Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.
New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.