Threatpost

Data collected for two-factor authentication purposes “inadvertently” matched users to targeted-advertising lists, the company admits.

Ponemon survey data shows that only a third of IT staff say they take a security-first approach to data storage in the cloud.

Microsoft has released fixes for nine critical and 49 important vulnerabilities as part of Patch Tuesday.

Apple released fixes for Catalina and patches for iCloud and iTunes for Windows software.

A new campaign is evading secure email gateways that rely on identifying word patterns in order to filter out spam.

Google's October security update fixed several critical and high-severity vulnerabilities.

U.S. and U.K. agencies warn consumers to update VPN technologies from Fortinet, Pulse Secure and Palo Alto Networks.

A pair of laws provides recourse for victims of deepfake technology.

Millions of iOS users could be vulnerable to man-in-the-middle attacks that trace back to flawed Twitter code used in popular iPhone apps.

CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.

A trio of Alabama hospitals have decided to pay for a decryption key.

A group called Phosphorous has been trying to access Microsoft-based email accounts of people associated with the campaign.

Flaw impacts 18 Android models including Google’s flagship Pixel handset as well as phones made by Samsung, Huawei and Xiaomi.

An attacker whose motives are unclear compromised an Asterisk server in a highly targeted campaign.

Officials say they are concerned about their ability to fight crime and protect citizens, while privacy advocates remain critical of government interference

There are dozens of known groups, hundreds of C2 servers and millions of victim websites.

Dubbed Reductor, this malware can manipulate HTTPS traffic by tweaking a browser’s random numbers generator.

Eight high-severity vulnerabilities exist in the Foxit Reader tool for editing PDF files.

A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.

Zendesk says access occurred in 2016 and that only a small percentage of customers were impacted.