Threatpost

An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

The New York Attorney General has inquired about Zoom's data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.

An old RAT learns an old trick.

The second breach in less than 24 months stemmed from employee account compromises.

An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade off is saving lives.

Phishing and zero-days continue to be a core part of the APT arsenal.

Zoom removed its Facebook SDK for iOS feature after a report found the app sending Facebook "unnecessary" user data.

The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.

The vulnerability can be exploited to reveal limited traffic data including a device’s IP address.

CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.

The food container company's main website had a card skimmer that scooped up online customers' payment card data.

The malware, the work of a new APT called TwoSail Junk, allows deep surveillance and total control over iOS devices.

Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.

The router DNS hijacking attacks have targeted more than a thousand victims with the Oski info-stealing malware.

With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of.

Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.

Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.

Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor "in recent years."

Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.