A company that sells surveillance software to parents and employers left “terabytes of data” including photos, audio recordings, text messages and web history, exposed in a poorly-protected Amazon S3 bucket.
Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic's first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background.
WASHINGTON: Hey! Take off that Fitbit and turn it off. Hand in that Apple Watch. Make sure you’ve turned off the geolocation capabilities of your Garmin. That was the word today from Deputy Defense Secretary Patrick Shanahan. For years, cell phones have been banned from many offices in the Pentagon, not to mention any Secure Compartmentalized Information Facility (SCIF). The reason was simple: anything that can transmit and has a microphone can be used to record and send information. If it’s got a camera, then photographs or video can be taken as well. Today, the threat is less obvious. It comes from those Apple Watches, Garmins, Fitbits, custom smartwatches and other remote sensors that track your location and share it with remote databases. “These geolocation capabilities can expose personal information, locations, routines, and numbers of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” says Shanahan’s memo, which was released by the Pentagon press office to ensure everyone sees it. This was all sparked when reports surfaced earlier this year of a fitness-tracking company, Strava, publishing maps showing where users jog, bike and exercise. Since many of its users are members of the military, their jogging routes and other exercises showed exactly where the US has service members around the world, as well as showing their running routes. In Pentagon-speak, here’s the broad problem: “The rapidly evolving market of devices, applications, and services with geolocation capabilities (e.g., fitness trackers, smartphones, tablets, smartwatches, and related software applications) presents significant risk to Department of Defense (DoD) personnel both on and off duty, and to our military operations globally.” Strava apparently intended no harm, but you can guess how uneasy this made service members and senior Pentagon officials.
A review of Pentagon policies about the devices that made this possible was ordered and that’s what this memo is all about. Note the requirement for the Chief Information Officer (CIO) and the Undersecretary of Defense for Intelligence (USDI) to “jointly develop” guidance and training for commanders and others.
Hackers working for Russia claimed “hundreds of victims” last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.
It was Jan last year that I suggested HTTPS adoption had passed the "tipping point", that is, it had passed the moment of critical mass and as I said at the time, "will very shortly become the norm". Since that time, the percentage of web pages
KeePass is probably one of the most popular password managers. Simple, free and open source, it quickly became widely adopted at home and at work. Beware: a non-official website using a URL similar to the real one lets you download a tampered version of the password manager with some adware in it.
Researchers found 20 flaws in Samsung’s SmartThings Hub controller - opening up supported third-party smart home devices to attack.
The Chrome team is delighted to announce the promotion of Chrome 68 to the stable channel for Windows, Mac and Linux. This will roll out ove...
In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. ...
Cisco released 25 security updates yesterday, including a critical patch for Cisco Policy Suite that removes an undocumented password for the "root" account.
For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store.
A person's fingers leave thermal residue on keyboard keys that a malicious observer could record and later determine the text a user has entered on the keyboard, according to a recently published research paper by three scientists from the University of California, Irvine (UCI).
An ethical crisis in the digital forensics industry came to a head last week with the release of new details on Microsoft’s undocumented “Activities” API. A previously unknown trove of access and activity logs held by Microsoft allows investigators to track Office 365 mailbox activity in minute detail. Following a long period of mystery and rumors...
Nation-sponsored Slingshot is one of the most advanced attack platforms ever.
Another critical code injection vulnerability found in Signal Desktop app lets remote hackers steal your chats in plaintext