HackerOne CEO Talks Bug Bounty Programs at RSA Conference
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
Despite numerous talks about IoT vulnerabilities at RSAC this week, a clear resolution on fixes is nowhere in sight.
Researchers show why keeping a handle on user credentials is just as hard in the cloud as it is on local networks.
Private intelligence gathering firm LocalBlox leaked data on 48 million users that was scraped from Facebook, LinkedIn, Zillow and other sites.
Researchers are warning malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel.
Researchers found a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims’ devices.
Researchers have identified a hacking group behind several widescale maritime shipping industry business email compromise (BEC) attacks since June.
Researcher Billy Rios, founder of WhiteScope, discusses medical device hacking at RSA Conference 2018 with Threatpost’s Tom Spring.
Threatpost talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation at RSA Conference 2018 about the U.S. government’s current position on device encryption and law enforcement’s use of iPhone passcode…
Mobile apps leak personal data via insecure ads that transmit ad-targeting data insecurely.