Holiday time is in full swing. When you want to brag about your final destination, be careful of what you post on Facebook and Instagram. Leave your boarding passes (and other barcodes) for yourself (and get a shredder).

An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

Change the name to A-d'oh!-be

Equifax has finally revealed how many Canadians were caught up in its massive hack: 100,000. The credit reporting agency said Tuesday that data compromised in the attack includes names, addresses, social insurance numbers and credit card details. Equifax cautioned in a statement posted on its website that its investigation is ongoing and "this information may change."

In light of the latest Bluetooth-related security meltdown, a friendly PSA.

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It's because the NSA is not trusted to put security ahead of surveillance:

The IT admin demanded $10,000, when he didn’t get it things got X-rated

Today Apple announced its new FaceID technology. It’s a new way to unlock your phone through facial recognition.

The company said Friday that its chief information and security officers would retire in the wake of the breach that affected millions in the U.S. and Britain. This is what we know and don’t know about what occurred.

If you freeze your credit, Experian will let crooks unfreeze it by ticking a box

Equifax’s response to its data breach has been a total shitshow, something the company seems determined to remind us of each and every day. For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website, the sole purpose of which is to expose Equifax’s reckless response to the breach.

Data about British people "may potentially have been accessed" during the data breach at the US credit rating firm Equifax. The UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

If apps like Signal really posed a threat to the NSA’s surveillance power, why would the U.S. government continue to fund them? By Yasha Levine.

Insider threats can pose greater risks to company data than those associated with external attacks. Here are some techniques to help you spot and mitigate them as quickly as possible.

A catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security. While Equifax has proven itself to be a compromised, irresponsible data custodian, Experian, TransUnion, and other data brokers may be just as vulnerable, irresponsible, and compromised.

That gives me a great idea, says Putin – payback

Newly discovered Defray ransomware employs a more targeted approach. It is targeting the most essential organizations. “A single spear-phishing email carrying a slightly altered malware can bypass multi-million-dollar enterprise security solutions if an adversary deceives a cyber-hygienically apathetic employee into opening the attachment or clicking a malicious link and thereby compromising the entire network.”

Apple has added two features that could make the lives of law enforcement investigators significantly more difficult.

Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.

Settlement requires disclosure and monitoring, not much else

The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation.

The case generated a great mystery. They still could not determine how Kenneka Jenkins got into the freezer where she died Kenneka Jenkins was 19 when she was found dead. Her body was recovered by …

The National Security Agency has awarded tech firm CSRA the first of three portions of its classified Groundbreaker contract, which could potentially be worth as much as $2.4 billion over the next decade if all options are exercised. CSRA announced the award through a Securities and Exchange Commission filing, where it acknowledged the value and duration of the contract without naming the customer agency or the contract’s name. Neither CSRA nor NSA offered comment to Nextgov for this story.

A suicide bombing on Tuesday in a busy commercial area in Kabul, near a string of banks and not far from the U.S. Embassy, killed at least five people, Afghan officials said. According to Basir Mujahid, spokesman for the Kabul police chief, the explosion likely targeted a branch of the privately owned Kabul Bank. The U.S. Embassy in Afghanistan's compound is located about 500 yards down the road from the bank.

A vulnerability in hotel keycard locks was a security disaster—and the opportunity of a lifetime for one burglar.

We have firewalls, IPS, endpoint protection, DLP, SIEM and we …

Ransomware is a troubling trend. Novice criminals with little technical savvy and cheap software can generate big payouts and impact enterprise operations. Here's what you need to know about the changing ransomware landscape.

Is there a formal name for the fallacy of assuming that the status quo is sane? Such a name would become more useful with each passing year. There are a..

A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed.

Exploit broker Zerodium ups the ante with $500,000 to target Signal and WhatsApp.

Section 702 saves lives, claims spying agency, while continuing to dodge critical question

A vulnerability in hotel keycard locks was a security disaster—and the opportunity of a lifetime for one burglar.

We recommend that anyone with a credit history assume they were affected by the hack, as Equifax's hack-checker tool proved unreliable in our tests. Also, Equifax will suggest you enroll in Trusted ID, which includes a Terms of Service agreement that waives your rights to a class-action lawsuit against the company. CNET is investigating the issue and is not yet sure if these terms will hold up in court.

Google tracking is more pervasive than most people realize. We show you some alternatives to Google services to limit your exposure.

Most people understand by now a VPN keeps your internet use more private. But how does it actually work? We've broken it down.