Threatpost

Facebook said it has suspended and banned tens of thousands of apps on its platform after its investigation, launched after Cambridge Analytica, into how they collect and use data.

Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.

Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.

A database lacking password protection exposed sensitive data of customers of Milwaukee-based mattress company Verlo Mattress.

Eight cities have been hit by a data breach targeting payment cards.

Microsoft broke its built-in antivirus utility, thanks to a patch for a different issue.

An on premise hacker can cripple even the best cybersecurity defenses.

Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.

Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.

The fake emails direct victims to log into a bogus IRS site.

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.

The U.S. is attempting to seize any assets related to Edward Snowden's new memoir, Permanent Record.

Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.

The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, which is found "everywhere."

The malware landscape is constantly changing; including a rise in a new malware called LookBack, as well as anticipation over the return of the Emotet and Retefe malware families.

Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.

Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM.

The bug was first found in 2016.

A configuration setting in Google Calendars does not sufficiently warn users that it makes their calendars public to all, a researcher argues.