Security News

Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.

Google's first Android Security Report puts some hard data behind the effectiveness of the security enhancements it has put into the OS.

A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube's Creator Studio.

Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were...

Pew Research Center survey finds that most Americans have done little or nothing to change their online behaviors nearly two years after the first NSA spying revelations emerged.

Students at St. Mary's University in Canada released to open source a web-based threat modeling tool called Seasponge that they hope will provide an alternative to Microsoft's free tool.

Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step.

Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users...

DHS warned of a serious vulnerability in Multicast DNS devices whereby leaked system information could be leveraged in a DDoS amplification attack.

Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on...