Web Server Threats and Countermeasures
- February 24, 2017
The Cloudflare CDN bug is fixed after causing sensitive customer data to leak. Google Project Zero discovered the flaw, and users were warned to change passwords.
- January 26, 2017
Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet, and experts don't expect that number to change.
- December 29, 2016
A bypass for the patch of a remote code execution vulnerability in the PHPMailer library prompted a second patch release for the popular library used by millions of websites.
- October 13, 2016
Academic researchers show how to place undetectable encryption backdoors in cryptographic keys and passively decrypt data, which could undermine confidence in certain algorithms.
- September 28, 2016
Domain name system watchdog ICANN has begun the process of updating the DNS root zone signing key to strengthen DNSSEC protection against man-in-the-middle attacks.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- January 29, 2016
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.
- January 18, 2016
The Internet Systems Consortium released a critical patch for DHCP servers that fixed a flaw that could lead to denial-of-service attacks.
- November 19, 2015
The DNSSEC protocol is a flawed solution to certificate authorities, but experts said any controversy surrounding the potential spying is more misunderstanding than fact.
- September 11, 2014
Experts say the latest security breach of the Healthcare.gov website was caused by a lack of security process maturity, downplaying the importance of website security testing.
- March 19, 2014
Security vendor Imperva says thousands of enterprise Web servers are exposed to an easy-to-exploit PHP flaw despite a patch long being available.
- January 08, 2014
Update: A Cisco researcher says last week's malvertisement attacks using Yahoo ads likely began prior to December 2013.
- November 05, 2013
The IT professionals tasked with fending off a barrage of server security threats are unsure of their ability to do so, according to a new survey.
- August 30, 2013
Big data analysis of IP addresses performed by OpenDNS kept some 50 million users from falling prey to the hijacking of The New York Times website.
- June 19, 2013
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.