Experts worry that without proper planning, today's decisions about developing contact tracing apps could have unforeseen consequences in the years to come.
While a massive flood of attacks has yet to hit the oil and gas industry, cybersecurity experts say this could be the calm before the storm.
Besides putting people’s lives at risk, Trump’s promotion of anti-malarials for Covid-19 patients could pave the way for a coordinated disinformation campaign to take root, experts say.
What if someone threw a hacker conference, and nobody showed up? As I boarded a United flight at SFO on March 17, the first day of San Francisco’...
Three things campaigns should learn from Mueller investigation, says Chime’s head of application and infrastructure security: Protect accounts with two-factor authentication, use “least privilege,” and beware of Mimikatz.
A newly-revealed vulnerability dubbed Kr00k affects more than one billion devices with Broadcom Wi-Fi chips. It's been patched for some but not all of them, and could let hackers steal Wi-Fi passwords and read your data.
Trinamix can tell the difference between a living human, a deceased one, a photograph, and a mask—and it could be coming to your next smartphone.
Stopping stalkerware isn’t easy, say cybersecurity experts, because it challenges legal and social ideas of what malware is.
Although it hasn't been a major focus of their time so far, browser privacy is poised to become prime territory for feature development. Here's what Google, Microsoft, Mozilla, and Brave have to say about themselves and their competition.
Australian motorcycle helmet maker Forcite is trying to balance utility, safety, and privacy. Here’s a look at today’s challenges in securing connected devices, from Washington to Sydney.
More than two dozen zero-day vulnerabilities revealed in bootloaders of popular devices ranging from Androids to Linksys routers to Samsung TVs strike at the core of digital insecurity.
RCS brings a feature boost to the 30-year-old texting standard. Google and networks are pushing it hard. But their implementations aren’t ready for prime time, security researchers say.
“Disney did not use any of the best practices that can protect users,” GroupSense’s CEO says. It’s largely to blame for Disney+ credentials selling on the Dark Web at a premium.
Determined to convince Tesla to add encryption to its Phone Key feature, an Austrian security researcher built an app called Tesla Radar that gamifies Model 3 tracking.
Devices hacked at the Mobile Pwn2Own contest include the Samsung S10, Amazon Echo Show 5, Sony and Samsung smart TVs, and TP-Link and Netgear routers. Total winnings: $315,000.
Amid disinformation campaign take-downs, Facebook employees, execs clash on how to handle political ads
Facebook needs to do more to stem the spread of disinformation on its platforms, employees said in an internal letter, including vetting and labeling political ads. Experts agree.
Exploiting the vulnerabilities in the popular antivirus programs requires a hacker to have administrator privileges. This “provides the attacker the ability to run its own malicious code.”
Results from a survey of 3,419 respondents in 12 U.S. states support the implementation of a new password security feature expected in all Google accounts next week.
At DefCon’s Aviation Village, experts convene to explore planes’ burgeoning hacking vulnerabilities and highlight a need for proactive collaboration to protect their systems.
More than 54,000 leaked customer service calls of Colombian financial-services provider Filialcoop variably include customer names, addresses, and numbers said in confidence.
Using off-the-shelf parts and the help of a nurse enthusiast, a biohacking group designed, built, and subcutaneously implanted three networked hard drives. We inquired and watched.
LAS VEGAS—Are you too sexy for your license plate? Hacker and fashion designer Kate Rose thinks not. Until now, most antisurveillance fashion has surrounded...
Alongside key U.S. businesses, the desktop manufacturers of unofficial conference badges explain how the president’s trade war against China has put their razor-thin margins at risk.
Are the nuclear-power industry’s collective responses to the 1986 disaster enough to stave off clever nation-state cyberattacks? The Parallax visits the toxic site and takes a closer look.
From vulnerability exploits to encrypted messaging, the report outlines tech Russia and Trump associates used to interfere in U.S. elections and stymie Mueller’s investigation.
Whether spreading malware or disinformation, attackers study their targets, create artifacts, and get the artifacts in front of their targets. So why not combat fake news like malware?
Security experts worry that U.S. charges against WikiLeaks publisher Assange could scare whistleblowers—or cloud the nature of his relationships with Russia and Trump associates.
IOActive’s director of penetration testing says memsad causes software to expose passwords, keys, and tokens we use to protect our data. And the rot has spread far and wide.
Unlike its competitors, the Backstory security data platform, built on Google’s robust infrastructure, is built to retain and surface even years-old Internet traffic data by default.
App functionality or commercial demands sometimes require access to calendars, cameras, or contacts. Here, a basic, if crassly capitalistic, explanation is appropriate.
It’s no secret that few Wi-Fi routers have strong security. It might be alarming, however, to hear that many of today’s high-rated routers have fewer protections than those of 15 years ago, says the CITL research lab at ShmooCon.
A California judge’s ruling might give weight to privacy advocates’ arguments in future cases regarding forced device log-ins. But it isn’t expected to change much in the near term.
Facebook might not sell user data. But it has been trading deep access to it with tech powerhouses Amazon, Netflix, Huawei, and others, according to a New York Times report.
DriveSavers isn’t divulging what its “proprietary technology” is or how it works. It is saying, however, that it won’t use its tech to help law enforcement agencies carry out search warrants.
At the Context Conversations event on election security, veteran software engineer Ben Adida explains how he plans to “build open-source voting machines on commodity hardware.”
Like last week’s Kavanaugh hearings, Facebook’s acknowledgment of a cyberattack that led to a mass account reset alarmed officials and left key questions unanswered.
Torii, named after the Japanese word for “gate,” uses Tor and its network of anonymously linked computers to both obscure Internet traffic and steal data, Avast researchers say.
Tech firms would like one privacy law to cover all U.S. communications—as long as it’s not as strict as the GDPR and also supersedes any pesky state regulations like the CCPA.
Without regulatory pressure to enforce a federal health care cybersecurity task force’s recommendations, involved experts acknowledge, industry progress will remain slow.
Default device authentication settings, insufficient patches, and internal networks that assume all participants are trusted can lead to health care operations-thwarting infections.
Medical-security researchers are having a harder time getting people to take flaws seriously than discovering serious flaws. We’ll discuss the most pressing issues at Context Conversations.
On stage at DefCon, veteran NSA leader Rob Joyce says the agency’s ability to monitor and counteract international cyberattacks relies on recruiting—and working well with—hackers.
European regulators fined Google for abusing power and demanded that it relax restrictions on Android vendors. What could a privacy-focused phone maker do with this new latitude?
Registration, tabulation, social media—there are other aspects of elections we need to better secure, say experts who examined eight notoriously insecure Winvote machines.
Following the massacre from the Mandalay Bay, hotel security personnel began routinely checking rooms. They’re now clashing with privacy advocates attending security conferences.
There might be no better way to reveal just how lax we still are about encryption than to highlight security professionals’ own unprotected communications.
Parisa Tabriz, head of Chrome security and leader of Project Zero, calls out Google’s leadership approach in Internet security as a combination of muscle and joint efforts.
Hackers are divided on the prospects of SBOM standards. Some say they could reduce many patching obstacles. Others worry that they could do more harm than good.
As VPN services face increasing obstacles across the globe, the key to their success is in the details. And Verizon is lacking in details about its data collection practices.
At the HOPE hacker conference, a talk about turning oxycodone into its overdose antidote prompts a broader look at the expanding definition—and increasing relevance—of biohacking.
The technically detailed indictment of 12 Russian GRU officers implies a struggle to find appropriate and effective cybersecurity deterrents to geopolitical hacking, experts say.
“A CERT is like FEMA for cyber,” one expert says. Post-WannaCry, Israel is following the Netherlands, England, and Norway in creating a health care CERT.
In its 5-4 decision that police need a search warrant to obtain a target’s location data, the Supreme Court says in Carpenter vs. United States that carrying a phone is “indispensable to participation in modern society.”
The VPNFilter botnet could collect information and block network traffic, the FBI said. Beyond rebooting our routers, we should be keeping their firmware up-to-date. Here’s how.
The 12th version of Apple’s browser will expand its Intelligent Tracking Prevention to shield users from tracking related to social networks’ commenting systems. Here’s why.
While the privacy regulations focus on protecting EU residents, regulators like the FTC could force major companies to abide by their GDPR-compliant policies around the world.
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge for much more.
The state of Internet of Things security stinks, experts say. And while device manufacturers and lawmakers aren’t anxious to address it, there are clear signs of influence from other actors. IoT regulation is likely on its way.
As Google prepares to release Android P, which is packed with security features, experts note that efforts to address the mobile OS’ version fragmentation “plague” can only go so far.
You can’t prevent a major earthquake or critical-infrastructure hack, but you can prepare for one. So are industrial-security experts focused on seismic retrofits and post-hack kits?
When researchers inspected the ingredients of SiliVaccine, North Korea-developed Windows antivirus software, they found a mix of spyware and old stolen Trend Micro code.
In revealing that it had been storing unencrypted user passwords, the social media company requests, but doesn’t force, Twitter password resets of its 330 million users—the “bare minimum for doing right” by them, one expert says.
Industrial facilities ranging from oil rigs to breweries use Schneider software to monitor and control their machines. Hacks could have serious commercial or safety implications.
Fighting the spread of fake news bears similarities to fighting spam. Using tech and human insights, Facebook is essentially filtering it via flagging, fact checking, and feed demotion.
The WebAuthn authentication protocol, backed by Google, Microsoft, PayPal, and others (but notably not Apple), uses physical second factors like phones, and supports biometrics.
Software updates and security patches for critical-infrastructure systems like those of hospitals, 911 dispatchers, and power plants aren’t easy or cheap. But there’s no excuse, experts say, for neglecting them.
About 40 percent of Gmail accounts used to phish for log-ins were recently operating out of Nigeria, Google researchers say, and half of them were targeting people in the United States.
FOSTA and SESTA remove legal protections from online services that “knowingly” facilitate prostitution. Critics say ambiguity over liability may lead sites to major site changes.