DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails ...

A collection of Threatpost’s top recorded cybersecurity webinars available on-demand or register for our upcoming 2021 lineup of live events.

The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn. More than 400GB of public and private profile data for 214 million social-media users ...

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft ...

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.

Exploring what's next for public-cloud security, including top risks and how to implement better risk management.

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates ...

Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments. CISOs do heroic work protecting ...