Samples of North Korean antivirus software called SiliVaccine crib software code from a competitor and come loaded with malware and a backdoor.

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls.

Researchers warn that the code behind this remote access trojan has been tweaked in an attempt to decrease antivirus detection.

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network.

A leaky Mongo database exposed personal information of 25,000 investors and potential investors tied to the Bezop cryptocurrency.

Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?

Private intelligence gathering firm LocalBlox leaked data on 48 million users that was scraped from Facebook, LinkedIn, Zillow and other sites.

Researchers found a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims’ devices.

Threatpost talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation at RSA Conference 2018 about the U.S. government’s current position on device encryption and law enforcement’s use of iPhone passcode cracker called GreyKey.