USPS, Amazon Data Leaks Showcase API Weaknesses

The incidents affected millions, just as Black Friday, Cyber Monday and the holiday shopping season kicked off.

SB18-330: Vulnerability Summary for the Week of November 19, 2018

Original release date: November 26, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

Threatpost News Wrap Podcast for Nov. 23

From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week’s biggest stories.

Old Printer Vulnerabilities Die Hard

New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers.

As Black Friday Looms, IoT Gadgets Take the Risk Spotlight

Ahead of the holiday shopping bonanza, the security community is talking to consumers about IoT security.

Podcast: Why ‘Throwing Money’ at Threats Won’t Work

How can businesses create an effective cyber defense strategy? It starts with defining success, an expert tells us.

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

Adobe issues patch for a Flash Player vulnerability that could lead to an arbitrary code execution on targeted systems.

Gmail Glitch Enables Anonymous Messages in Phishing Attacks

A glitch in the UX in Gmail allows the “from” field to be forged so there is no sender listed in the email’s header.

Cybersecurity and Infrastructure Security Agency

Original release date: November 19, 2018 On November 16, 2018, the President signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This Act elevates the mission of the former Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats, a mission that requires effective coordination and collaboration among a broad spectrum of government …
Read More »

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers took advantage of an unpatched Drupal vulnerability in the organization’s website to launch a cryptojacking attack.