Security
Headlines
HeadlinesLatestCVEs

Source

Threatpost

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Threatpost
#vulnerability#git#pdf#auth#ssl
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens

A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web.

Latest Cyberattack Against Iran Part of Ongoing Campaign

Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

ZuoRAT Can Take Over Widely Used SOHO Routers

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.

A Guide to Surviving a Ransomware Attack

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.

Leaky Access Tokens Exposed Amazon Photos of Users

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.

Top Six Security Bad Habits, and How to Break Them

Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.

Mitel VoIP Bug Exploited in Ransomware Attacks

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.