The U.S. administration is considering limits to Chinese video surveillance firm Hikvision’s ability to buy U.S. technology, the New York Times reported on Tuesday, in a move that deepens worries about trade frictions between the world’s two top economies.

The sensitive data of almost 50 million Instagram “influencers” has been leaked and is at risk, thanks to yet another unsecured AWS instance.

Radios that sell for $600 can spoof signals planes use to find runways.

It's not just the world's leading security conferences: the World Science Fiction Convention is likely to be held offshore for the foreseeable future, thanks in large part to the inability of global fandom to attend US-based events in the age of "extreme vetting."

11 members of the GozNym malware network have infected 41,000 PCs via phishy spam campaigns. Six have been apprehended and are in custody.

Layered security only works if the layers are, y'know, secure.

Zombieload, another Intel processor side-channel attack, just like Meltdown and Spectre before it, poses a security threat for Linux system and all others for that matter. Here's what the Linux vendors and developers are doing about it.

A buffer-overflow vulnerability in WhatsApp is being exploited by NSO Group to remotely take over victims’ iOS and Android devices.

Here come more stories of Russia's interference in elections, Moscow's attempts to sow discord and Putin's conspiracy-theory spreading.

Readers who follow me know that I’m the founder of HodlBot. We built an easy way for investors to automatically diversify their cryptocurrency portfolios across indices, and custom user-created funds. To use our platform, users must first connect their exchange account of choice to HodlBot. While users manage & track their portfolios on HodlBot, the actual trades are completed on the exchange through the API.

In spring, 2017, a teenager walked up behind a woman leaving the Metro in Northeast Washington DC and put her in a chokehold: "Be quiet," he said. And "delete your iCloud." He grabbed her iPhone 6S and ran away. Last month, there were a string of similar muggings in Philadelphia. In each of these muggings, the perpetrator allegedly held the victim up at gunpoint, demanded that they pull out their iPhone, and gave them instructions: Disable “Find My iPhone,” and log out of iCloud.

Ever AI is violating user privacy by using millions of photos to train an AI facial-recognition product aimed at enterprises and the military. On the face of it, this isn’t a good look for Ever.

The last day of Google’s developer conference tends not to have any news, but this year was a little overloaded. Google announced today that it’s working on bringing Electronic IDs to Android. Separately, the company also confirmed that all new Android Q devices will be required to encrypt user data.

The global competition to develop fully autonomous weapons systems guided by artificial intelligence risks developing into a full-blown arms race, according to a new report from a Dutch peace group. Lethal autonomous weapons, or “killer robots,” as they are described by Pax, the anti-war NGO behind the report, are designed to select and engage targets without proximate human control.

Hobbs, Kerckhoffs and Shannon were right: Security by obscurity is no security at all. Chinese state-sponsored hackers have been making fools of the US National Security Agency. It turns out that Shadow Brokers weren’t the first to steal the NSA’s secret exploits. "NObody But US"—NOBUS, the NSA doctrine of not reporting vulnerabilities so it can keep them for itself—is once again under fire. It’s now believed that China has been using the NSA’s own spy tools since early 2016—months before any previously known leak. You gotta be kidding me! Nope. In this week’s Security Blogwatch, we jest not.

For this assignment, Nick Fuller Googins headed to the Venice Beach boardwalk to shadow a doorman for an evening.

Many private Git repositories are at risk of being leaked to the public. Anonymous hackers have wiped victims’ code and are demanding Bitcoin. Or else? Or else they’ll open-source it for you. And then everyone will be able to see your soopah-sekrit sores, bruh. But how? The way they broke in is making many scratch their head: It seems people had been publishing their GitHub, GitLab or BitBucket credentials on the web.

What is PCI DSS? What is Blockchain Technology? What Kind of Benefits does PCI DSS Provide for Crypto Projects? Take a look to get the answers.

The Huawei security leak that led to the sacking of Gavin Williamson as defence secretary did not breach the Official Secrets Act, police say. Scotland Yard has said it was satisfied that the disclosure from a meeting of the National Security Council (NSC), which prompted a Whitehall mole hunt, was not a crime.

Every Dell endpoint running Windows has a nasty remote-code execution vulnerability. Amazingly, Dell figured it would be great to allow a web page to take full control of a PC—admin privileges and all.