A record fine and two new compromises kick off the autumn compromise season.
Threatpost editors discuss the highlights and biggest breaking news from this past week.
An explosive Bloomberg report, if true, would highlight the largest supply chain attack to have been launched against American corporations.
A lack of authentication in Apple’s Device Enrollment Program could allow attackers to scoop up Wi-Fi passwords and VPN configurations.
Malicious apps can trivially thwart Mojave 10.14’s new privacy protections.
The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser.
A flaw in Safari – that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched.
Hours after researchers publicly disclosed an app that was caught stealing and uploading browser history data, Apple removed it from the Mac App Store.
A macOS App called Adware Doctor blocks ads, but share’s user browser history with a China-based domain.
Facebook has been struggling to keep its data privacy woes at bay this week, between banning apps on its social media platform – and pulling its own app from Apple’s store.