Threatpost

Bishop Fox's Christie Terrill talks to us about IoT security and other trends at Black Hat 2018 this month.

After a report said Google tracks users even when they opt out, the company is under fire from activists and has been slapped with a lawsuit.

An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.

Researchers launched a Proof-of-Concept attack on two Android mobile phones and an embedded system board.

The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

This could mark yet another reinvention for the VenusLocker group, which has mostly been focused on cryptomining this year.

The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.

A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.

Cryptocurrency angel investor Michael Terpin seeks damages for "gross negligence" by the carrier, alleging it turned a blind eye to store employees' malicious activities.

An analysis of the world's most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers.

The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.

A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module.

Trickbot is back, this time with a stealthy code injection trick.

The targets were scanned millions of times, and are all in some way linked to China's ongoing economic development activities, according to Recorded Future.

The program focuses on potential abuse methods across Google's product-specific channels like Google+, Youtube, Gmail and Blogger.

Misconfigured DIY smart-home hubs for home automation could allow attackers to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.

Advanced behavior malware threats are targeting telecom services - at a higher level than the global average, researchers found.

The method could be used to deduce the age, sex, likes or the location history of a user – essentially, the attacker can play “20 questions” to profile the victim.

The tricky Cortana flaw, CVE-2018-8253, was addressed by Microsoft during Patch Tuesday.