The IETF released RFC7258 which defines pervasive monitoring of Internet traffic and surveillance of online activity as an attack to be mitigated in all future IETF protocols.
A critical security vulnerability that existed in the Linux kernel for five years has now been fixed, but could cause system crashes, code execution, and privilege escalation.
Malicious campaign targeting tax payers from Colombia accusing them of tax fraud and stealing they passwords and money.
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the […]
Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.
The peer-to-peer version of Zeus was especially busy in the first quarter with infections reported by banks in 10 countries that previously had eluded Zeus’ reach.
Microsoft issued advisories informing users they can now disable RC4 in .NET, in addition to additional credential protection for Windows and that it had revoked digital signatures for four UEFI modules.
The NSF is awarding $15 million worth of grants to researchers who can implement new Internet architectures that move toward a more robust and secure Internet.
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, […]
Microsoft pushed its largest batch of Patch Tuesday updates so far this year today - eight bulletins, two critical – addressing important 13 issues in Internet Explorer and Sharepoint Server, along with Windows, Office and its .NET Framework.
BlackBerry released an advisory today that its updates are available for its products affected by the Heartbleed OpenSSL vulnerability.
The Ajax Security Team of Iran has been linked to attacks against the U.S. defense industrial base and Iranian dissidents inside and outside of the country, FireEye said.
Facebook dug into the prevalence of SMTP STARTTLS deployments for email encryption and found that 58 percent of messages are sent encrypted and certificate validation happened without a hitch.
Link-shortening service Bitly announced that it’s ramping up its development of two-factor authentication following a compromise that leaked user information on Thursday.
DNS providers PointDNS is back online after mitigating a massive DDoS attack last week.
The Federal Financial Institutions Examination Council (FFIEC) announced last week that it will work harder to try to identify vulnerabilities in smaller community banks and is planning to better raise awareness when it comes to cyber threats.
Engineers at Facebook and Carnegie Mellon University quantified the number of forged certificates used in 3.5 million SSL connections with Facebook during a four-month period.