🏳️Threatpost | The first stop for security news

Website faviconthreatpost.com

Threatpost, is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

### Featured news

[](https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/)

[Student Loan Breach Exposes 2.5M Records](https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/)

-------------------------------------------------------------------------------------------------------------------

2.5 million people were affected, in a breach that could spell more trouble down the line.

[](https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/)

[Watering Hole Attacks Push ScanBox Keylogger](https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/)

---------------------------------------------------------------------------------------------------------------------------

by [Nate Nelson](https://threatpost.com/author/natenelson/)

August 30, 2022

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

[](https://threatpost.com/0ktapus-victimize-130-firms/180487/)

[Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms](https://threatpost.com/0ktapus-victimize-130-firms/180487/)

---------------------------------------------------------------------------------------------------------------------

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

[](https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/)

[Ransomware Attacks are on the Rise](https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/)

-------------------------------------------------------------------------------------------------------

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

[](https://www.kaspersky.com/small-to-medium-business-security/cloud?reseller=gl_KES-Cloud-ThreatPost_awarn_ona_smm__all_b2b_some_ban_______&utm_source=threatpost&utm_medium=sm-project&utm_campaign=gl_KES-Cloud-ThreatPost_kk0084&utm_content=banner&utm_term=gl_threatpost_organic_w84uo46uhuoqivv)

### Threatpost Content Spotlight

*   [](https://threatpost.com/inside-hackers-toolkit/180360/ "Inside the Hackers’ Toolkit – Podcast")

    [Listen Now](https://threatpost.com/inside-hackers-toolkit/180360/)

    [Inside the Hackers’ Toolkit – Podcast](https://threatpost.com/inside-hackers-toolkit/180360/)

    ----------------------------------------------------------------------------------------------

*   [](https://threatpost.com/threatpost-manky-fortinet/179821/ "Being Prepared for Adversarial Attacks – Podcast")

    [Listen Now](https://threatpost.com/threatpost-manky-fortinet/179821/)

    [Being Prepared for Adversarial Attacks – Podcast](https://threatpost.com/threatpost-manky-fortinet/179821/)

    ------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/ "The State of Secrets Sprawl – Podcast")

    [Listen Now](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

    [The State of Secrets Sprawl – Podcast](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

    -----------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/ "A Blockchain Primer and a Bored Ape Headscratcher – Podcast")

    [Listen Now](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

    [A Blockchain Primer and a Bored Ape Headscratcher – Podcast](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

    -------------------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/webinars/secure-systems-start-with-hardware/ "Security Innovation: Secure Systems Start with Foundational Hardware")

    [On-Demand Webinar](https://threatpost.com/webinars/secure-systems-start-with-hardware/)

    [Security Innovation: Secure Systems Start with Foundational Hardware](https://threatpost.com/webinars/secure-systems-start-with-hardware/)

    -------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/webinars/securely-access-your-machines-from-anywhere-presented-by-keeper-security/ "Securely Access Your Machines from Anywhere – Presented by Keeper Security")

    [On-Demand Webinar](https://threatpost.com/webinars/securely-access-your-machines-from-anywhere-presented-by-keeper-security/)

    [Securely Access Your Machines from Anywhere – Presented by Keeper Security](https://threatpost.com/webinars/securely-access-your-machines-from-anywhere-presented-by-keeper-security/)

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/webinars/lessons-learned-from-log4j-exploit/ "Log4j Exploit: Lessons Learned and Risk Reduction Best Practices")

    [On-Demand Webinar](https://threatpost.com/webinars/lessons-learned-from-log4j-exploit/)

    [Log4j Exploit: Lessons Learned and Risk Reduction Best Practices](https://threatpost.com/webinars/lessons-learned-from-log4j-exploit/)

    ---------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/webinars/protect-sensitive-cloud-data/ "How to ID and Protect Sensitive Cloud Data: The Secret to Keeping Secrets")

    [On-Demand Webinar](https://threatpost.com/webinars/protect-sensitive-cloud-data/)

    [How to ID and Protect Sensitive Cloud Data: The Secret to Keeping Secrets](https://threatpost.com/webinars/protect-sensitive-cloud-data/)

    ------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/ebooks/cloud-security-the-forecast-for-2022/ "Cloud Security: The Forecast for 2022")

    [Download Your Free Copy](https://threatpost.com/ebooks/cloud-security-the-forecast-for-2022/)

    [Cloud Security: The Forecast for 2022](https://threatpost.com/ebooks/cloud-security-the-forecast-for-2022/)

    ------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/ "2021: The Evolution of Ransomware")

    [Download Your Free Copy](https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/)

    [2021: The Evolution of Ransomware](https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/)

    ----------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/ "Healthcare Security Woes Balloon in a Covid-Era World")

    [Download Your Free Copy](https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/)

    [Healthcare Security Woes Balloon in a Covid-Era World](https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/)

    ---------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/ "2020 in Security: Four Stories from the New Threat Landscape")

    [Download Your Free Copy](https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/)

    [2020 in Security: Four Stories from the New Threat Landscape](https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/)

    ----------------------------------------------------------------------------------------------------------------------------------------------------------

### Latest news

[](https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/)

[Cybercriminals Are Selling Access to Chinese Surveillance Cameras](https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

by [Nate Nelson](https://threatpost.com/author/natenelson/)

August 25, 2022

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

[](https://threatpost.com/twitter-whistleblower-tldr-version/180472/)

[Twitter Whistleblower Complaint: The TL;DR Version](https://threatpost.com/twitter-whistleblower-tldr-version/180472/)

-----------------------------------------------------------------------------------------------------------------------

by [Threatpost](https://threatpost.com/author/threatpost/)

August 24, 2022

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

[](https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/)

[Firewall Bug Under Active Attack Triggers CISA Warning](https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/)

--------------------------------------------------------------------------------------------------------------------------------------

by [Threatpost](https://threatpost.com/author/threatpost/)

August 23, 2022

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

[](https://threatpost.com/reservation-links-prey-on-travelers/180462/)

[Fake Reservation Links Prey on Weary Travelers](https://threatpost.com/reservation-links-prey-on-travelers/180462/)

--------------------------------------------------------------------------------------------------------------------

by [Nate Nelson](https://threatpost.com/author/natenelson/)

August 22, 2022

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

[](https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/)

[iPhone Users Urged to Update to Patch 2 Zero-Days](https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/)

--------------------------------------------------------------------------------------------------------------------------------------------------

by [Elizabeth Montalbano](https://threatpost.com/author/elizabeth-montalbano/)

August 19, 2022

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Load more latest news

[](https://www.kaspersky.com/small-to-medium-business-security/cloud?reseller=gl_KES-Cloud-ThreatPost_awarn_ona_smm__all_b2b_some_ban_______&utm_source=threatpost&utm_medium=sm-project&utm_campaign=gl_KES-Cloud-ThreatPost_kk0084&utm_content=banner&utm_term=gl_threatpost_organic_w84uo46uhuoqivv)

### Most popular

*   [Is your Java up to date?](https://threatpost.com/your-java-date-022309/72384/)

    -------------------------------------------------------------------------------

*   [Top 5 Tips to Avoid Viruses and Spyware](https://threatpost.com/top-5-tips-avoid-viruses-and-spyware-022309/72383/)

    --------------------------------------------------------------------------------------------------------------------

*   [U.S. needs to investigate cyberweapons](https://threatpost.com/us-needs-investigate-cyberweapons-022409/72778/)

    ----------------------------------------------------------------------------------------------------------------

*   [Six months later, DNS still taking a hit](https://threatpost.com/six-months-later-dns-still-taking-hit-022409/72382/)

    ----------------------------------------------------------------------------------------------------------------------

*   [Pwn2Own 2009: Browsers and smart phones are targets](https://threatpost.com/pwn2own-2009-browsers-and-smart-phones-are-targets-022509/72380/)

    ----------------------------------------------------------------------------------------------------------------------------------------------

### Newsmaker Interviews

*   [](https://threatpost.com/protecting-phones-from-pegasus-like-spyware-attacks/167909/)

    [Protecting Phones From Pegasus-Like Spyware Attacks](https://threatpost.com/protecting-phones-from-pegasus-like-spyware-attacks/167909/)

    -----------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/telegram-forged-covid-19-vaccine-cards/166093/)

    [Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales](https://threatpost.com/telegram-forged-covid-19-vaccine-cards/166093/)

    ---------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/spotlight-on-the-cybercriminal-supply-chains/165552/)

    [Spotlight on Cybercriminal Supply Chains](https://threatpost.com/spotlight-on-the-cybercriminal-supply-chains/165552/)

    -----------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/breaking-down-joe-bidens-10b-cybersecurity-down-payment/163304/)

    [Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’](https://threatpost.com/breaking-down-joe-bidens-10b-cybersecurity-down-payment/163304/)

    -----------------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/cisos-prep-for-covid-19-exposure-notification-in-the-workplace/162988/)

    [CISOs Prep For COVID-19 Exposure Notification in the Workplace](https://threatpost.com/cisos-prep-for-covid-19-exposure-notification-in-the-workplace/162988/)

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------

### Most Recent ThreatLists

*   [](https://threatpost.com/cyber-spike-attacks-high-log4j/177481/)

    [Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High](https://threatpost.com/cyber-spike-attacks-high-log4j/177481/)

    --------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/pysa-top-ransomware-november/177242/)

    [PYSA Emerges as Top Ransomware Actor in November](https://threatpost.com/pysa-top-ransomware-november/177242/)

    ---------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/encrypted-fileless-malware-growth/175306/)

    [Encrypted & Fileless Malware Sees Big Growth](https://threatpost.com/encrypted-fileless-malware-growth/175306/)

    ----------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/proxy-phantom-fraud-ecommerce-accounts/175241/)

    [Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts](https://threatpost.com/proxy-phantom-fraud-ecommerce-accounts/175241/)

    ------------------------------------------------------------------------------------------------------------------------------------------

*   [](https://threatpost.com/women-minorities-hacked/175038/)

    [Women, Minorities Are Hacked More Than Others](https://threatpost.com/women-minorities-hacked/175038/)

    -------------------------------------------------------------------------------------------------------

### [PodcastsView all](https://threatpost.com/category/podcasts/)

[](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

[Top 3 Attack Trends in API Security – Podcast](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

---------------------------------------------------------------------------------------------------------------------------

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

[](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

[Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

[](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

[Staff Think Conti Group Is a Legit Employer – Podcast](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

--------------------------------------------------------------------------------------------------------------------------------------

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

[](https://threatpost.com/inside-hackers-toolkit/180360/)

[Inside the Hackers’ Toolkit – Podcast](https://threatpost.com/inside-hackers-toolkit/180360/)

----------------------------------------------------------------------------------------------

This edition of the Threatpost podcast is sponsored by Egress.

[](https://threatpost.com/threatpost-manky-fortinet/179821/)

[Being Prepared for Adversarial Attacks – Podcast](https://threatpost.com/threatpost-manky-fortinet/179821/)

------------------------------------------------------------------------------------------------------------

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s \[…\]

[](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

[The State of Secrets Sprawl – Podcast](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

-----------------------------------------------------------------------------------------------------------

In this podcast, we dive into the 2022 edition of the State of Secrets Sprawl report with Mackenzie Jackson, developer advocate at GitGuardian. We talk issues that corporations face with public leaks from groups like Lapsus and more, as well as ways for developers to keep their code safe.

[](https://threatpost.com/cyberattackers-speed-fortinet-podcast/179294/)

[Cyberattackers Put the Pedal to the Medal: Podcast](https://threatpost.com/cyberattackers-speed-fortinet-podcast/179294/)

--------------------------------------------------------------------------------------------------------------------------

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

[

](https://threatpost.com/macos-malware-myth-vs-truth-podcast/179215/)

[MacOS Malware: Myth vs. Truth – Podcast](https://threatpost.com/macos-malware-myth-vs-truth-podcast/179215/)

-------------------------------------------------------------------------------------------------------------

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

[](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

[A Blockchain Primer and a Bored Ape Headscratcher – Podcast](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

-------------------------------------------------------------------------------------------------------------------------------------------------------

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.

[](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

[Top 3 Attack Trends in API Security – Podcast](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

---------------------------------------------------------------------------------------------------------------------------

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

[](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

[Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

[](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

[Staff Think Conti Group Is a Legit Employer – Podcast](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

--------------------------------------------------------------------------------------------------------------------------------------

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

[](https://threatpost.com/inside-hackers-toolkit/180360/)

[Inside the Hackers’ Toolkit – Podcast](https://threatpost.com/inside-hackers-toolkit/180360/)

----------------------------------------------------------------------------------------------

This edition of the Threatpost podcast is sponsored by Egress.

[](https://threatpost.com/threatpost-manky-fortinet/179821/)

[Being Prepared for Adversarial Attacks – Podcast](https://threatpost.com/threatpost-manky-fortinet/179821/)

------------------------------------------------------------------------------------------------------------

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s \[…\]

[](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

[The State of Secrets Sprawl – Podcast](https://threatpost.com/gitguardian-state-of-secrets-sprawl/179525/)

-----------------------------------------------------------------------------------------------------------

In this podcast, we dive into the 2022 edition of the State of Secrets Sprawl report with Mackenzie Jackson, developer advocate at GitGuardian. We talk issues that corporations face with public leaks from groups like Lapsus and more, as well as ways for developers to keep their code safe.

[](https://threatpost.com/cyberattackers-speed-fortinet-podcast/179294/)

[Cyberattackers Put the Pedal to the Medal: Podcast](https://threatpost.com/cyberattackers-speed-fortinet-podcast/179294/)

--------------------------------------------------------------------------------------------------------------------------

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

[

](https://threatpost.com/macos-malware-myth-vs-truth-podcast/179215/)

[MacOS Malware: Myth vs. Truth – Podcast](https://threatpost.com/macos-malware-myth-vs-truth-podcast/179215/)

-------------------------------------------------------------------------------------------------------------

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

[](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

[A Blockchain Primer and a Bored Ape Headscratcher – Podcast](https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/)

-------------------------------------------------------------------------------------------------------------------------------------------------------

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.

[](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

[Top 3 Attack Trends in API Security – Podcast](https://threatpost.com/top-3-attack-trends-in-api-security-podcast/179064/)

---------------------------------------------------------------------------------------------------------------------------

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

[](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

[Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast](https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

[](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

[Staff Think Conti Group Is a Legit Employer – Podcast](https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/)

--------------------------------------------------------------------------------------------------------------------------------------

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

[View all podcasts](https://threatpost.com/category/podcasts/)

### [VideosView all](https://threatpost.com/category/videos/)

[

](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

[How the Pandemic is Reshaping the Bug-Bounty Landscape](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

--------------------------------------------------------------------------------------------------------------------------------

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

[](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

[Experts Weigh in on E-Commerce Security Amid Snowballing Threats](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

--------------------------------------------------------------------------------------------------------------------------------------

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

[](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

[Cybercriminals Step Up Their Game Ahead of U.S. Elections](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

------------------------------------------------------------------------------------------------------------------------------------

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

[](https://threatpost.com/lyceum-apt-tunisian-firms/175579/)

[Lyceum APT Returns, This Time Targeting Tunisian Firms](https://threatpost.com/lyceum-apt-tunisian-firms/175579/)

------------------------------------------------------------------------------------------------------------------

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again. 

[

](https://threatpost.com/camera-roll-out-roils-privacy-activists/164502/)

[National Surveillance Camera Rollout Roils Privacy Activists](https://threatpost.com/camera-roll-out-roils-privacy-activists/164502/)

--------------------------------------------------------------------------------------------------------------------------------------

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

[

](https://threatpost.com/malware-gangs-partner-up-in-double-punch-security-threat/164279/)

[Malware Gangs Partner Up in Double-Punch Security Threat](https://threatpost.com/malware-gangs-partner-up-in-double-punch-security-threat/164279/)

---------------------------------------------------------------------------------------------------------------------------------------------------

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.

[

](https://threatpost.com/email-security-attacks-bec/163869/)

[How Email Attacks are Evolving in 2021](https://threatpost.com/email-security-attacks-bec/163869/)

---------------------------------------------------------------------------------------------------

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

[

](https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/)

[Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks](https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

[

](https://threatpost.com/ransomware-ip-theft-top-covid-19-healthcare-security-scares/162247/)

[Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares](https://threatpost.com/ransomware-ip-theft-top-covid-19-healthcare-security-scares/162247/)

--------------------------------------------------------------------------------------------------------------------------------------------------------------

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

[

](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

[How the Pandemic is Reshaping the Bug-Bounty Landscape](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

--------------------------------------------------------------------------------------------------------------------------------

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

[](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

[Experts Weigh in on E-Commerce Security Amid Snowballing Threats](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

--------------------------------------------------------------------------------------------------------------------------------------

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

[](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

[Cybercriminals Step Up Their Game Ahead of U.S. Elections](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

------------------------------------------------------------------------------------------------------------------------------------

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

[](https://threatpost.com/lyceum-apt-tunisian-firms/175579/)

[Lyceum APT Returns, This Time Targeting Tunisian Firms](https://threatpost.com/lyceum-apt-tunisian-firms/175579/)

------------------------------------------------------------------------------------------------------------------

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again. 

[

](https://threatpost.com/camera-roll-out-roils-privacy-activists/164502/)

[National Surveillance Camera Rollout Roils Privacy Activists](https://threatpost.com/camera-roll-out-roils-privacy-activists/164502/)

--------------------------------------------------------------------------------------------------------------------------------------

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

[

](https://threatpost.com/malware-gangs-partner-up-in-double-punch-security-threat/164279/)

[Malware Gangs Partner Up in Double-Punch Security Threat](https://threatpost.com/malware-gangs-partner-up-in-double-punch-security-threat/164279/)

---------------------------------------------------------------------------------------------------------------------------------------------------

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.

[

](https://threatpost.com/email-security-attacks-bec/163869/)

[How Email Attacks are Evolving in 2021](https://threatpost.com/email-security-attacks-bec/163869/)

---------------------------------------------------------------------------------------------------

The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

[

](https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/)

[Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks](https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

[

](https://threatpost.com/ransomware-ip-theft-top-covid-19-healthcare-security-scares/162247/)

[Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares](https://threatpost.com/ransomware-ip-theft-top-covid-19-healthcare-security-scares/162247/)

--------------------------------------------------------------------------------------------------------------------------------------------------------------

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

[

](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

[How the Pandemic is Reshaping the Bug-Bounty Landscape](https://threatpost.com/pandemic-reshaping-bug-bounty-landscape/160644/)

--------------------------------------------------------------------------------------------------------------------------------

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

[](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

[Experts Weigh in on E-Commerce Security Amid Snowballing Threats](https://threatpost.com/experts-weigh-in-ecommerce-security/160630/)

--------------------------------------------------------------------------------------------------------------------------------------

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

[](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

[Cybercriminals Step Up Their Game Ahead of U.S. Elections](https://threatpost.com/cybercriminals-step-up-game-us-elections/160373/)

------------------------------------------------------------------------------------------------------------------------------------

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

[View all videos](https://threatpost.com/category/videos/)

### [SlideshowView all](https://threatpost.com/category/slideshow/)

[

](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

[Top 2018 Security and Privacy Stories](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

-------------------------------------------------------------------------------------------------------------

The top cybersecurity and privacy trends that biggest impact in 2018.

[

](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

[2019: The Year Ahead in Cybersecurity](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

------------------------------------------------------------------------------------------------------------

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

[

](https://threatpost.com/2018-biggest-breaches/140346/)

[2018: A Banner Year for Breaches](https://threatpost.com/2018-biggest-breaches/140346/)

----------------------------------------------------------------------------------------

A look back at the blizzard of breaches that made up 2018.

[

](https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/)

[2020 Cybersecurity Trends to Watch](https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/)

-------------------------------------------------------------------------------------------------------

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

[

](https://threatpost.com/top-mobile-security-stories-2019/151420/)

[Top Mobile Security Stories of 2019](https://threatpost.com/top-mobile-security-stories-2019/151420/)

------------------------------------------------------------------------------------------------------

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

[

](https://threatpost.com/facebook-security-debacles-2019-year-in-review/151306/)

[Facebook Security Debacles: 2019 Year in Review](https://threatpost.com/facebook-security-debacles-2019-year-in-review/151306/)

--------------------------------------------------------------------------------------------------------------------------------

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

[](https://threatpost.com/biggest-malware-threats-of-2019/151423/)

[Biggest Malware Threats of 2019](https://threatpost.com/biggest-malware-threats-of-2019/151423/)

-------------------------------------------------------------------------------------------------

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

[

](https://threatpost.com/top-10-iot-disasters-of-2019/151235/)

[Top 10 IoT Disasters of 2019](https://threatpost.com/top-10-iot-disasters-of-2019/151235/)

-------------------------------------------------------------------------------------------

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.

[

](https://threatpost.com/2019-malware-trends-to-watch/140344/)

[2019 Malware Trends to Watch](https://threatpost.com/2019-malware-trends-to-watch/140344/)

-------------------------------------------------------------------------------------------

Here are 10 top malware trends to watch for in the New Year.

[

](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

[Top 2018 Security and Privacy Stories](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

-------------------------------------------------------------------------------------------------------------

The top cybersecurity and privacy trends that biggest impact in 2018.

[

](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

[2019: The Year Ahead in Cybersecurity](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

------------------------------------------------------------------------------------------------------------

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

[

](https://threatpost.com/2018-biggest-breaches/140346/)

[2018: A Banner Year for Breaches](https://threatpost.com/2018-biggest-breaches/140346/)

----------------------------------------------------------------------------------------

A look back at the blizzard of breaches that made up 2018.

[

](https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/)

[2020 Cybersecurity Trends to Watch](https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/)

-------------------------------------------------------------------------------------------------------

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

[

](https://threatpost.com/top-mobile-security-stories-2019/151420/)

[Top Mobile Security Stories of 2019](https://threatpost.com/top-mobile-security-stories-2019/151420/)

------------------------------------------------------------------------------------------------------

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

[

](https://threatpost.com/facebook-security-debacles-2019-year-in-review/151306/)

[Facebook Security Debacles: 2019 Year in Review](https://threatpost.com/facebook-security-debacles-2019-year-in-review/151306/)

--------------------------------------------------------------------------------------------------------------------------------

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

[](https://threatpost.com/biggest-malware-threats-of-2019/151423/)

[Biggest Malware Threats of 2019](https://threatpost.com/biggest-malware-threats-of-2019/151423/)

-------------------------------------------------------------------------------------------------

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

[

](https://threatpost.com/top-10-iot-disasters-of-2019/151235/)

[Top 10 IoT Disasters of 2019](https://threatpost.com/top-10-iot-disasters-of-2019/151235/)

-------------------------------------------------------------------------------------------

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.

[

](https://threatpost.com/2019-malware-trends-to-watch/140344/)

[2019 Malware Trends to Watch](https://threatpost.com/2019-malware-trends-to-watch/140344/)

-------------------------------------------------------------------------------------------

Here are 10 top malware trends to watch for in the New Year.

[

](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

[Top 2018 Security and Privacy Stories](https://threatpost.com/top-2018-security-and-privacy-stories/140312/)

-------------------------------------------------------------------------------------------------------------

The top cybersecurity and privacy trends that biggest impact in 2018.

[

](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

[2019: The Year Ahead in Cybersecurity](https://threatpost.com/2019-the-year-ahead-in-cybersecurity/140272/)

------------------------------------------------------------------------------------------------------------

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

[

](https://threatpost.com/2018-biggest-breaches/140346/)

[2018: A Banner Year for Breaches](https://threatpost.com/2018-biggest-breaches/140346/)

----------------------------------------------------------------------------------------

A look back at the blizzard of breaches that made up 2018.

[View all slideshows](https://threatpost.com/category/slideshow/)

[](https://www.kaspersky.com/small-to-medium-business-security/cloud?reseller=gl_KES-Cloud-ThreatPost_awarn_ona_smm__all_b2b_some_ban_______&utm_source=threatpost&utm_medium=sm-project&utm_campaign=gl_KES-Cloud-ThreatPost_kk0084&utm_content=banner&utm_term=gl_threatpost_organic_w84uo46uhuoqivv)

[](#)[

Threatpost

](https://threatpost.com/)

### Topics

*   [Cloud Security](https://threatpost.com/category/cloud-security/)

*   [Malware](https://threatpost.com/category/malware-2/)

*   [Vulnerabilities](https://threatpost.com/category/vulnerabilities/)

*   [Privacy](https://threatpost.com/category/privacy/)

[Show all](#)

*   [Black Hat](https://threatpost.com/category/bh/)

*   [Critical Infrastructure](https://threatpost.com/category/critical-infrastructure/)

*   [Cryptography](https://threatpost.com/category/cryptography/)

*   [Facebook](https://threatpost.com/category/facebook/)

*   [Featured](https://threatpost.com/category/featured/)

*   [Government](https://threatpost.com/category/government/)

*   [Hacks](https://threatpost.com/category/hacks/)

*   [IoT](https://threatpost.com/category/iot/)

*   [Mobile Security](https://threatpost.com/category/mobile-security/)

*   [Podcasts](https://threatpost.com/category/podcasts/)

*   [RSAC](https://threatpost.com/category/rsac/)

*   [Security Analyst Summit](https://threatpost.com/category/sas/)

*   [Slideshow](https://threatpost.com/category/slideshow/)

*   [Videos](https://threatpost.com/category/videos/)

*   [Web Security](https://threatpost.com/category/web-security/)

### Authors

*   [Elizabeth Montalbano](https://threatpost.com/author/elizabethmontalbano/)

*   [Nate Nelson](https://threatpost.com/author/natenelson/)

### Threatpost

*   [Home](https://threatpost.com/)

*   [About Us](https://threatpost.com/about-threatpost/)

*   [Contact Us](https://threatpost.com/contact-us/)

*   [RSS Feeds](https://threatpost.com/rss-feeds/)

 Search

[](#)

InfoSec Insider

### Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

[](#)

Sponsored

### Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on [more information](https://threatpost.com/web-privacy-policy/).

ACCEPT AND CLOSE