A convenient feature in macOS called QuickLook can leak information about files that users preview, even in encrypted containers.
As nation-state actors increasingly target physical critical infrastructure, two federal agencies strategize on how to protect against national threats.
A bug from the 1990s allows attackers to spoof signatures on some encrypted emails in GnuPG and other tools.
A new bill would require the use of paper ballots and audits in all federal elections.
Android Debug Bridge is a debugging interface for developers troubleshooting faulty Android devices. Unfortunately, some vendors shipped devices with Android Debug Bridge enabled, which leaves these devices open for abuse.
An issue with the way third-party tools implement Apple's code-signing API can allow malicious files to pass as legitimate ones.
Facebook has open-sourced its internal Sonar debugging platform form Android and iOS apps development.
A group of lawmakers from both parties have introduced a new bill in the House of Representatives that would stop states and local governments from passing laws governing encryption. This will prevent states from passing their own laws before the federal government figures out what to do.
A freshly patched Flash vulnerability is being exploited by attackers targeting users in the Middle East.
The VPNFilter malware has the ability to compromise endpoints and routers both and destroy data on infected devices.
The latest brouhaha over Facebook's data-sharing practices highlights how critical APIs have become to modern development, and how important it is to restrict how much data can be accessed through these interfaces.
Apple is adding a slew of new password-security features in iOS 12 to help users avoid using weak or duplicate credentials.
Sen. Ron Wyden wants answers from the FCC on cellular network breaches and security.
The Spectre and Meltdown hardware bugs have pushed vendors such as Google to rethink how they deploy defenses.
Security debt is the accumulation of the patches missed, the risks accepted, and the configurations misapplied. Many enterprise security problems arise when the bill comes due.