The U.S. Customs and Border Protection admits its contractor has lost some pictures of people going in and out of the U.S.

Next year’s US elections will be no more secure than in 2016. That’s the depressing conclusion from reports out this week.

App devs: Don’t be tempted to follow suit; make sure third-parties aren’t using these sort of obnoxious practices. IT: Got MDM yet?

It’s not every day that the National Security Agency urges you to update your computer.

May was a momentous month, which marked a victory for sanity and pragmatism over irrational paranoia. I’m obviously not talking about politics. I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration po…

Millions of people might have had their financial and medical information stolen due to a Quest Diagnostics and AMCA data breach.

Two hours into his keynote at Apple’s Worldwide Developer's Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to "allow" or "deny" any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. But when ex-NSA security researcher Patrick Wardle watched that keynote at his home in Maui a few months later, he had a more dubious reaction.

Attorneys for Chelsea Manning on Friday have once again asked the court to release the activist and whistleblower from her confinement in Virginia on the basis that she cannot be coerced to testify in the Justice Department’s ongoing investigation into Wikileaks and its founder Julian Assange.

A typical iPhone has thousands of trackers, silently reporting back to their motherships. And people are saying Apple is complicit.

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

A new study shows that quantum technology will catch up with today’s encryption standards much sooner than expected. That should worry anybody who needs to store data securely for 25 years or so.

European regulators are only warming up. Year Two of GDPR promises to be "interesting."

First American Financial is the latest huge corporation being cavalier with your data. Its website has been serving up title documents to anyone who can count.

The IETF has now released two RFCs for TCP encryption. These are labeled as experimental and are used to document the research.

Air travel can be stressful when passengers are rushing to get to their boarding gates on time, especially on busy days like Memorial Day. Maybe that’s why people keep leaving behind their change at security — almost $1 million a year, all of which goes to the Transportation Security Administration.

A hacking tool developed by the US National Security Agency is now being used to shut down American cities and towns, says a Saturday report in The New York Times. Code-named EternalBlue, the hacking exploit involves malicious software and was leaked in 2017 by a group called Shadow Brokers. Hackers used the tool that same year in the worldwide WannaCry ransomware attacks, which locked up computer systems at hospitals, banks and phone companies and required a ransom to set the networks free.

A Belgian security researcher dubbed SandboxEscaper unleashed four Windows zero-days, dropping her proofs-of-concept onto GitHub this week.

Time to get serious about security-focused code reviews. And mandate 2FA already.

As facial recognition technologies have evolved from fledgling projects into powerful software platforms, researchers and civil liberties advocates have been issuing warnings about the potential for privacy erosions. Those mounting fears came to a head Wednesday in Congress.

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.