Security News
Sure, attackers could simply visit public profiles to target someone, but having so many records in one place could make it possible to automate targeted attacks using information about users' jobs and gender, among other details. Randori researchers said that if an attacker successfully exploits the weakness, they can gain a shell on the targeted system, access sensitive configuration data, extract credentials and more.
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
It's no secret that ransomware attacks continue to rise - with the number of attacks jumping by 350 percent since 2018. Healthcare systems have been hit particularly hard over the past year by ransomware actors, with a recent report saying that healthcare organizations have seen a 45 percent increase in cyberattacks since November.
As 2020 draws to a close, it's clear that work-from-home security, ransomware, COVID-19-themed social engineering and attacks by nation-states will go down as defining topics for the cybersecurity world for the year. One of Threatpost's Top 5 most-read stories covered the meteoric rise of the game Among Us, and how it outpaced its developer's ability to keep up with malicious actors.
Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a "Good idea" to publish PoC code for zero days. Joseph Carson, chief security scientist at Thycotic, told Threatpost that while he thinks PoC exploits can have a positive impact, "It is also important to include what defenders can do to reduce the risks such as methods to harden systems or best practices."
The practice of disclosing proof-of-concept exploits has long caused a debate in the security community. Just this past week, a slew of PoC exploits were published for various vulnerabilities, including ones for a recently patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft; and for critical flaws impacting the Cisco Data Center Network Manager tool for managing network platforms and switches.
Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition.
On the heels of several Facebook data privacy snafus this week - and over the past year - users no longer trust the platform.
A Threatpost reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.
From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week's biggest news stories.