Threatpost

The bugs let hackers crash IoT devices, leak their information, and completely take them over.

Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.

A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code.

Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.

The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.

The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.

The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.

What are utility and power companies, and federal agencies, doing to ready themselves for potential ransomware attacks? Threatpost discusses.

The vendor only plans to patch two of the eight impacted devices, according to a researcher.

The update also features 23 security fixes.

The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.

Support for PHP 5.6 drops on December 31 - but a recent report found that almost 62 percent of websites are still using version 5.

A record fine and two new compromises kick off the autumn compromise season.

The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority.

Cybercrime costs are estimated to reach $6 trillion annually -- but companies still lag in preparedness.

The social network will crack down on those spreading disinformation and looking to keep people away from the polls.

As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption.

Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web.

Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT.

Facebook's VP of product management was able to discuss more specifics about how the breach itself occurred.