The flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.

Network appliances and devices that still have their default credentials present a risk to your organization, says SecurityHQ.

We explain the “BootHole” vulnerability – as usual, in plain English and without hype. Find if you’re affected and what to do.

The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.

Learn how to enable passwordless SSH authentication on both Linux and macOS.

The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.

With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.

The FBI warned organizations last week that attackers are increasingly using built-in network protocols to launch destructive distributed denial of service attacks.

Chrome users can retrieve payment card numbers via biometric authentication and use a new touch-to-fill: feature to log in to accounts.

Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.

What shape do you expect remote endpoints to be in when they start winging their way back to the office?

You can easily add a fingerprint reader to your computer if one isn't already built in.

Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.

Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.

The email security provider brings into its fold social engineering and human identity capabilities.

Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.

Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.

Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 - from election security to remote work and the pandemic.

A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.

Hackers "mislead certain employees" to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.