From vulnerability exploits to encrypted messaging, the report outlines tech Russia and Trump associates used to interfere in U.S. elections and stymie Mueller’s investigation.
Whether spreading malware or disinformation, attackers study their targets, create artifacts, and get the artifacts in front of their targets. So why not combat fake news like malware?
Security experts worry that U.S. charges against WikiLeaks publisher Assange could scare whistleblowers—or cloud the nature of his relationships with Russia and Trump associates.
IOActive’s director of penetration testing says memsad causes software to expose passwords, keys, and tokens we use to protect our data. And the rot has spread far and wide.
Unlike its competitors, the Backstory security data platform, built on Google’s robust infrastructure, is built to retain and surface even years-old Internet traffic data by default.
App functionality or commercial demands sometimes require access to calendars, cameras, or contacts. Here, a basic, if crassly capitalistic, explanation is appropriate.
It’s no secret that few Wi-Fi routers have strong security. It might be alarming, however, to hear that many of today’s high-rated routers have fewer protections than those of 15 years ago, says the CITL research lab at ShmooCon.
When a company goes under or gets sold, its customer data is often the most valuable asset it holds—one it can usually sell or transfer to another entity, depending on the terms of its privacy policy.
A California judge’s ruling might give weight to privacy advocates’ arguments in future cases regarding forced device log-ins. But it isn’t expected to change much in the near term.
Three patterns surface from a look at expectations for the year that turned out wrong: We got lucky, we expected too much, or we were looking in the wrong direction.
Facebook might not sell user data. But it has been trading deep access to it with tech powerhouses Amazon, Netflix, Huawai, and others, according to a New York Times report.
DriveSavers isn’t divulging what its “proprietary technology” is or how it works. It is saying, however, that it won’t use its tech to help law enforcement agencies carry out search warrants.
Over four years, Marriott hackers accessed millions of guest records, including names, mailing and email addresses, passport numbers, and birth dates. Here’s what we’re learning.
High midterm voter turnout highlighted vulnerabilities in dated voting systems. But new machines aren’t the ticket to a smoother and more secure presidential election, experts say.
New exemptions to the controversial copyright law cover hacks of both software and hardware controlled by code. But they stop short of giving security researchers a free pass.
At the Context Conversations event on election security, veteran software engineer Ben Adida explains how he plans to “build open-source voting machines on commodity hardware.”
In a column for The Parallax, Gary McGraw outlines why his band wrote a song that passionately encourages every eligible voter to fill out and submit a ballot.
Despite knowing that current voting systems are highly vulnerable, lawmakers’ inaction on providing badly needed funding for updates has thus far resulted in maintaining the status quo.
Ensuring the integrity and security of a ballot submitted from overseas has long been challenging, and only 7 percent of eligible voters even attempt it. Can technology help?
At our second event, on November 5, we’ll discuss voting-machine vulnerabilities, effective social-engineering tactics, and how to secure elections while respecting democratic values.
Like last week’s Kavanaugh hearings, Facebook’s acknowledgment of a cyberattack that led to a mass account reset alarmed officials and left key questions unanswered.
Torii, named after the Japanese word for “gate,” uses Tor and its network of anonymously linked computers to both obscure Internet traffic and steal data, Avast researchers say.
Tech firms would like one privacy law to cover all U.S. communications—as long as it’s not as strict as the GDPR and also supersedes any pesky state regulations like the CCPA.
Without regulatory pressure to enforce a federal health care cybersecurity task force’s recommendations, involved experts acknowledge, industry progress will remain slow.
For implanted medical devices, where a faulty update could harm or even kill a patient, a doctor’s office visit is in order. With no billing code, hospitals have been eating the costs.
Cluttered EHRs are reducing doctors’ ability to make good decisions for their patients while decreasing patient privacy, argues Twila Brase, author of Big Brother in the Exam Room.
Default device authentication settings, insufficient patches, and internal networks that assume all participants are trusted can lead to health care operations-thwarting infections.
You can’t personally prevent a data breach, nor someone from attempting to defraud your insurance provider. But you can take steps to minimize how much a breach can affect you.
As technology has become the lifeblood of the health care industry, hospitals and patient care clinics are often ill-equipped to confront a Hydra-headed cybersecurity monstrosity.
To get a clearer picture of how pervasive ransomware attacks against hospitals and patient care clinics have become, check out the publicly acknowledged cases since 2016.
There’s no understanding trans-Atlantic privacy politics, nor policy, without recognizing Germany’s pre-1989 memories of the Stasi regime, which enforced conformity through spying.
So-called private channels and encryption aren’t necessarily enough to keep our chats private. How each messaging service sends and stores our data is confusingly inconsistent.
Medical-security researchers are having a harder time getting people to take flaws seriously than discovering serious flaws. We’ll discuss the most pressing issues at Context Conversations.
On stage at DefCon, veteran NSA leader Rob Joyce says the agency’s ability to monitor and counteract international cyberattacks relies on recruiting—and working well—with hackers.
European regulators fined Google for abusing power and demanded that it relaxes restrictions on Android vendors. What could a privacy-focused phone maker do with this new latitude?
Registration, tabulation, social media—there are other aspects of elections we need to better secure, say experts who examined eight notoriously insecure Winvote machines.
Following the massacre from the Mandalay Bay, hotel security personnel began routinely checking rooms. They’re now clashing with privacy advocates attending security conferences.
There might be no better way to reveal just how lax we still are about encryption than to highlight security professionals’ own unprotected communications.
Parisa Tabriz, head of Chrome security and leader of Project Zero, calls out Google’s leadership approach in Internet security as a combination of muscle and joint efforts.
Hackers are divided on the prospects of SBOM standards. Some say they could reduce many patching obstacles. Others worry that they could do more harm than good.
The extortion scam email looks legitimate because it contains accurate personal information. It says it has webcam evidence of online porn consumption and demands thousands of dollars in bitcoin.
As VPN services face increasing obstacles across the globe, the key to their success is in the details. And Verizon is lacking in details about its data collection practices.
Touring the British wartime relic, one might hear: Keep your team focused. Educate and motivate. Be wary of your enemies’ mutual tools. And use deception to keep them off your trail.
In updating its dominant Chrome browser to red-flag sites lacking HTTPS as insecure, Google completes a two-year project to strong-arm site owners into more safely transmitting data.
A lackluster response to speaker harassment by attendees wearing MAGA gear underscores an ongoing struggle among conference organizers to enforce codes of conduct.
At the HOPE hacker conference, a talk about turning oxycodone into its overdose antidote prompts a broader look at the expanding definition—and increasing relevance—of biohacking.
The technically detailed indictment of 12 Russian GRU officers implies a struggle to find appropriate and effective cybersecurity deterrents to geopolitical hacking, experts say.
“A CERT is like FEMA for cyber,” one expert says. Post-WannaCry, Israel is following the Netherlands, England, and Norway in creating a health care CERT.
In its 5-4 decision that police need a search warrant to obtain a target’s location data, the Supreme Court says in Carpenter vs. United States that carrying a phone is “indispensable to participation in modern society.”
A billion-plus people use WeChat to chat, pay, and shop. But while its walled-garden success puts Facebook and Apple’s messaging apps to shame, the success comes with only-in-China costs.
The VPNFilter botnet could collect information and block network traffic, the FBI said. Beyond rebooting our routers, we should be keeping their firmware up-to-date. Here’s how.
Distributed denial-of-service (DDoS) attacks, which hackers have used for decades to pester online organizations, are expected to plague the Internet of Things. Here’s why.
The 12th version of Apple’s browser will expand its Intelligent Tracking Prevention to shield users from tracking related to social networks’ commenting systems. Here’s why.
While the privacy regulations focus on protecting EU residents, regulators like the FTC could force major companies to abide by their GDPR-compliant policies around the world.
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge for much more.
The state of Internet of Things security stinks, experts say. And while device manufacturers and lawmakers aren’t anxious to address it, there are clear signs of influence from other actors. IoT regulation is likely on its way.
As Google prepares to release Android P, which is packed with security features, experts note that efforts to address the mobile OS’ version fragmentation “plague” can only go so far.
You can’t prevent a major earthquake or critical-infrastructure hack, but you can prepare for one. So are industrial-security experts focused on seismic retrofits and post-hack kits?
Despite the legitimacy of the findings in new security research report EFail, experts caution that calls to abandon PGP- and S/MIME-protected email for Signal are irresponsible.
The top-level domain, which Google bought in 2015, is designed to host the Web presence of mobile apps. One key .app security feature that sets it apart: HTTPS is turned on by default.
When researchers inspected the ingredients of SiliVaccine, North Korea-developed Windows antivirus software, they found a mix of spyware and old stolen Trend Micro code.
In revealing that it had been storing unencrypted user passwords, the social media company requests, but doesn’t force, Twitter password resets of its 330 million users—the “bare minimum for doing right” by them, one expert says.
Industrial facilities ranging from oil rigs to breweries use Schneider software to monitor and control their machines. Hacks could have serious commercial or safety implications.
They’re key to advanced persistent threats. They’re increasingly simple. And they’re called zero-days because there’s essentially no time to patch them before a potential cybercriminal exploit.
Fighting the spread of fake news bears similarities to fighting spam. Using tech and human insights, Facebook is essentially filtering it via flagging, fact checking, and feed demotion.
The WebAuthn authentication protocol, backed by Google, Microsoft, PayPal, and others (but notably not Apple), uses physical second factors like phones, and supports biometrics.
Software updates and security patches for critical-infrastructure systems like those of hospitals, 911 dispatchers, and power plants aren’t easy or cheap. But there’s no excuse, experts say, for neglecting them.
At BSides and RSA, bug bounty experts Amit Elazari and Katie Moussouris say today’s programs lack adequate "safe harbor" hacker protections and vulnerability-patching requirements.
About 40 percent of Gmail accounts used to phish for log-ins were recently operating out of Nigeria, Google researchers say, and half of them were targeting people in the United States.
FOSTA and SESTA remove legal protections from online services that “knowingly” facilitate prostitution. Critics say ambiguity over liability may lead sites to major site changes.
Worried about what the social network’s advertisers might be able to see? Take a hard look at the Facebook data you've shared (perhaps inadvertently). You might be unpleasantly surprised.
When consumer-facing companies don’t take reports of data leaks seriously, customers become exposed to financial fraud and identity theft as in the recent Panera Bread incident.
Without investing in technology and personnel to implement preventative measures, experts say, ransomware like the SamSam attack in Atlanta will continue to wreak havoc across computer systems and networks.
Virtual private networks, like all other software—and all software users—aren’t infallible as identity concealers. And investigators can use failures to track down their targets, such as Guccifer 2.0.
Effectively social engineering at scale—simultaneously targeting millions of people across diverse ecosystems—isn’t necessarily a plausible concept. Not without AI and chatbots, that is.
Critics push for the Trump administration to deliver on its promise of a national cybersecurity policy—one that has more legal weight than words like “should” and “may.”
Rewards and penalties tied to China’s social-credit systems are designed to control citizens’ online behavior, experts say. Gamifying it makes the process more palatable.
Symantec researchers say Inception Framework is hijacking vulnerable old routers to forward malicious traffic and thus obscure the source of its advanced persistent threats.
The so-called Cloud Act would allow U.S. law enforcement agencies to obtain customer data stored on foreign servers—in many cases with a subpoena rather than a warrant.
A hack of the Nao humanoid robot, researchers say, demonstrates that cutting-edge consumer robots are just as susceptible to malware attacks as computers or phones.
The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”
The gig economy’s investment in cybersecurity education and protection is hard to quantify, but it’s easy to see that it’s important, researchers explain at the Enigma Conference.
Some privacy advocates say it calls for a resurrected debate over FISA practices. But Nunes himself is a steadfast surveillance supporter of the existing process.
Georgia Senate Bill 315 includes vague language reflective of the CFAA antihacking law that experts and advocates fear would be used to unfairly punish security researchers.
Google says it’s removing more malware than ever from its Android app store. But there are indications that the risks have also risen, as hackers see dollar signs in Android users.
The FISA Amendments Reauthorization Act, approved last week, authorizes and encourages more invasive NSA surveillance, advocates of privacy and civil liberties say.
Cyber Independent Testing Lab research revealed at ShmooCon shows which browsers have been improving in security the most over the past year—and which has suffered setbacks.
Researchers say the nation-state developers behind the Android spyware campaign Dark Caracal took a page from developers of legitimate software, relying on recycled components.
The Meltdown and Spectre chip flaw exploits are prompting a deluge of security patches. They might also represent a rude wake-up call to chip designers that speed and energy efficiency aren’t everything.
As sexual-misconduct allegations across industries proliferate, many organizations, including hacker conferences such as CCC, are realizing that they need a better conflict resolution protocol.
Using a bug bounty payment to conceal extortion or a breach, as Uber did, violated platform policies and Justice Department guidelines. Security experts explain how it also put consumers at risk.
Privacy and online-rights advocates say Spain’s recent heavy-handed Internet control is unprecedented for a Western democracy—and it could return with this week’s snap election.
From drones to dishwashers, these connected tech gifts should give you pause this holiday season, experts say. Here’s why—and, if they remain on your list, how to use them more safely.
The vast majority of anti-Net neutrality public comments made to the FCC were sent from stolen email addresses, according to study results. And the implications are serious.
At the second Enigma Interviews, we discussed how easy car software is to manipulate—what carmakers are really chasing, as they promote their connectedness.
What threats might faulty software in autonomous and connected vehicles pose? During a fireside chat Wednesday, the UC field experts and I will drive the conversation forward.
The sexual advances of the infamous John T. Draper, Captain Crunch, on young men in the hacker community—”inappropriate…and awkward,” sources say—were uninvited and unwelcome.
At Bitcoin Cafe in Prague, on the first floor of a hacker haven, you can buy a brew only with bitcoin or litecoin. We sat down with a Paralelní Polis board member to learn how—and why.
The newly announced Blackfish technology is designed to detect a credential-stuffing attack, “see” the stolen username-password combinations being tested, and prevent a successful log-in.
