Sunday, October 21, 2018
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
Privacy Regulation Could Be a Test for States’ Rights As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption.
Threatpost RSA Conference 2018 Preview Threatpost's Tom Spring and Lindsey O'Donnell talk about the top security trends that they are watching out for at the 2018 RSA Conference this week in San Francisco.
Calls For Regulation Build After Facebook Privacy Fallout Political actors and privacy activists are calling for more regulations on data privacy after Facebook's data security scandal.
New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.

Latest News

Two Critical RCE Bugs Patched in Drupal 7 and 8

Drupal's advisory also included three patches for \\"moderately critical\\" bugs.

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

The bugs let hackers crash IoT devices, leak their information, and completely take them over.

Trivial Post-Intrusion Attack Exploits Windows RID

Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.

New APT Could Signal Reemergence of Notorious Comment Crew

A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code.

Tumblr Privacy Bug Could Have Exposed Sensitive Account Data

Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.

Oracle Fixes 301 Flaws in October Critical Patch Update

The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.

Podcast: A Utility Ransomware Attack, Post-Hurricane

What are utility and power companies, and federal agencies, doing to ready themselves for potential ransomware attacks? Threatpost discusses.

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

The vendor only plans to patch two of the eight impacted devices, according to a researcher.