Security news that informs and inspires

All Articles

959 articles:

A Privacy Tradeoff of the macOS QuickLook Cache

A convenient feature in macOS called QuickLook can leak information about files that users preview, even in encrypted containers.

Apple

DHS, Energy Boost Security Strategy Amid Infrastructure Attacks

As nation-state actors increasingly target physical critical infrastructure, two federal agencies strategize on how to protect against national threats.

Government, Critical Infrastructure Security

Ancient Bug Haunts GnuPG-Based Encryption Tools

A bug from the 1990s allows attackers to spoof signatures on some encrypted emails in GnuPG and other tools.

Encryption

Senators Push to Require Paper Ballots to Secure Elections

A new bill would require the use of paper ballots and audits in all federal elections.

Election Security

Misconfigured Android Devices Open for Abuse

Android Debug Bridge is a debugging interface for developers troubleshooting faulty Android devices. Unfortunately, some vendors shipped devices with Android Debug Bridge enabled, which leaves these devices open for abuse.

Android, Mobile

Bug Allows Bypass of Code-Signing Tools on Macs

An issue with the way third-party tools implement Apple's code-signing API can allow malicious files to pass as legitimate ones.

Apple

Facebook Open Sources Sonar Debugging Tool

Facebook has open-sourced its internal Sonar debugging platform form Android and iOS apps development.

Facebook, Tools

Encrypt Act Blocks States From Banning Encryption

A group of lawmakers from both parties have introduced a new bill in the House of Representatives that would stop states and local governments from passing laws governing encryption. This will prevent states from passing their own laws before the federal government figures out what to do.

Legislation, Encryption

New Adobe Flash Bug Draws Attackers’ Attention

A freshly patched Flash vulnerability is being exploited by attackers targeting users in the Middle East.

Adobe

VPNFilter Malware Now Exploiting Endpoints, Not Just Routers

The VPNFilter malware has the ability to compromise endpoints and routers both and destroy data on infected devices.

Malware

Why Facebook Shared Data with Device Makers

The latest brouhaha over Facebook's data-sharing practices highlights how critical APIs have become to modern development, and how important it is to restrict how much data can be accessed through these interfaces.

Privacy, Api, Facebook

iOS 12 Goes Hard on Password Security

Apple is adding a slew of new password-security features in iOS 12 to help users avoid using weak or duplicate credentials.

Apple, Passwords

Wyden Pushes FCC For Answers on SS7 Security

Sen. Ron Wyden wants answers from the FCC on cellular network breaches and security.

Government, Mobile

Spectre Forces New Defensive Approaches

The Spectre and Meltdown hardware bugs have pushed vendors such as Google to rethink how they deploy defenses.

Spectre, Hardware Hacking

Security Debt and the Keys to the Kingdom

Security debt is the accumulation of the patches missed, the risks accepted, and the configurations misapplied. Many enterprise security problems arise when the bill comes due.

Ciso, Security