In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.

Telegram, the encrypted messaging app, has come under sustained DDoS attack, which was traced back to IP addresses in China. It’s widely believed this is an attempt to disrupt citizen protests in Hong Kong, which are being coordinated using Telegram’s messaging group feature. The so-called #612strike protesters are against new Chinese extradition laws, saying they threaten Hong Kong’s status as an autonomous region.

Researchers have been experimenting with Rowhammer. And what they’ve found will shock you. RAMBleed is their catchy name for an arsenal of ways to read any physical memory on a machine. Yes, any memory: It works across processes, containers, and even VMs. You don’t need any runtime privilege. Neither DDR4, ECC, nor TRR can save us. We’re doomed. Multi-tenant public #cloud is suddenly looking less attractive.

The U.S. Customs and Border Protection admits its contractor has lost some pictures of people going in and out of the U.S.

Next year’s US elections will be no more secure than in 2016. That’s the depressing conclusion from reports out this week.

It’s not every day that the National Security Agency urges you to update your computer.

A new study shows that quantum technology will catch up with today’s encryption standards much sooner than expected. That should worry anybody who needs to store data securely for 25 years or so.

App devs: Don’t be tempted to follow suit; make sure third-parties aren’t using these sort of obnoxious practices. IT: Got MDM yet?

May was a momentous month, which marked a victory for sanity and pragmatism over irrational paranoia. I’m obviously not talking about politics. I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration po…

A typical iPhone has thousands of trackers, silently reporting back to their motherships. And people are saying Apple is complicit.

Two hours into his keynote at Apple’s Worldwide Developer's Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to "allow" or "deny" any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. But when ex-NSA security researcher Patrick Wardle watched that keynote at his home in Maui a few months later, he had a more dubious reaction.

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

A hacking tool developed by the US National Security Agency is now being used to shut down American cities and towns, says a Saturday report in The New York Times. Code-named EternalBlue, the hacking exploit involves malicious software and was leaked in 2017 by a group called Shadow Brokers. Hackers used the tool that same year in the worldwide WannaCry ransomware attacks, which locked up computer systems at hospitals, banks and phone companies and required a ransom to set the networks free.

First American Financial is the latest huge corporation being cavalier with your data. Its website has been serving up title documents to anyone who can count.

Attorneys for Chelsea Manning on Friday have once again asked the court to release the activist and whistleblower from her confinement in Virginia on the basis that she cannot be coerced to testify in the Justice Department’s ongoing investigation into Wikileaks and its founder Julian Assange.

Radios that sell for $600 can spoof signals planes use to find runways.

11 members of the GozNym malware network have infected 41,000 PCs via phishy spam campaigns. Six have been apprehended and are in custody.

Air travel can be stressful when passengers are rushing to get to their boarding gates on time, especially on busy days like Memorial Day. Maybe that’s why people keep leaving behind their change at security — almost $1 million a year, all of which goes to the Transportation Security Administration.

The last day of Google’s developer conference tends not to have any news, but this year was a little overloaded. Google announced today that it’s working on bringing Electronic IDs to Android. Separately, the company also confirmed that all new Android Q devices will be required to encrypt user data.

Ever AI is violating user privacy by using millions of photos to train an AI facial-recognition product aimed at enterprises and the military. On the face of it, this isn’t a good look for Ever.

Layered security only works if the layers are, y'know, secure.

The sensitive data of almost 50 million Instagram “influencers” has been leaked and is at risk, thanks to yet another unsecured AWS instance.

As facial recognition technologies have evolved from fledgling projects into powerful software platforms, researchers and civil liberties advocates have been issuing warnings about the potential for privacy erosions. Those mounting fears came to a head Wednesday in Congress.

Time to get serious about security-focused code reviews. And mandate 2FA already.

A Belgian security researcher dubbed SandboxEscaper unleashed four Windows zero-days, dropping her proofs-of-concept onto GitHub this week.

Millions of people might have had their financial and medical information stolen due to a Quest Diagnostics and AMCA data breach.

Container security has been ignored for too long. It's past time to start locking down containers. Here's how.

The larger lesson of an ongoing Ethereum crime spree: Be careful about who's generating your cryptocurrency keys.

Someone hacked my McDonald's mobile app and purchased roughly $2,000 worth of food at different locations across the country.

Sophisticated attackers are now using "invisible malware," a new form of attack that your firewalls can't stop and your anti-malware software can't find nor remove. Here are steps you can take right now to protect your servers and network.

Three years after Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign, nearly all of the upcoming 2020 presidential candidates are still lagging in email security.

Yet another cloud database with no #security. And this one’s enormous. This time, Microsoft was discovered hosting an 80 million-row, open database of US adults aged over 40. We still don’t know who owns the data, but some speculate shadow IT is to blame. Obviously, Microsoft bears no responsibility whatsoever for this fantastic faux pas. The unprotected dataset is stuffed full of PII, and represents about 65% of US households. Let that sink in for a moment: sixty-five percent.

What is PCI DSS? What is Blockchain Technology? What Kind of Benefits does PCI DSS Provide for Crypto Projects? Take a look to get the answers.

Here come more stories of Russia's interference in elections, Moscow's attempts to sow discord and Putin's conspiracy-theory spreading.

It's not just the world's leading security conferences: the World Science Fiction Convention is likely to be held offshore for the foreseeable future, thanks in large part to the inability of global fandom to attend US-based events in the age of "extreme vetting."