Mozilla boots WoSign as trusted certificate authority for backdating SHA-1 certs and other controversial behavior, and prepares to add default support for TLS 1.3 in 2017.
The FCC passed new ISP privacy rules that increase transparency from broadband providers and mandate that customers must opt in before ISPs can use or share sensitive user data.
As more details emerge on last week's massive Dyn DNS DDoS, new analysis indicated as few as 100,000 Mirai IoT botnet nodes were enlisted in the incident and reported attack rates up to 1.2 Tbps.
A new attack, called AtomBombing, allows a threat actor to inject malicious code into atom tables. And, while all versions of Windows are vulnerable to attack, no patch will fix the flaw.
An XNU kernel vulnerability in iOS and macOS was patched after being reported by Google's Project Zero. And hackers at Pwn2Own 2016 cracked the Nexus 6P and iPhone 6s.
Surprise! It's time, again, for another critical Adobe Flash patch to fix a remote code execution vulnerability reported by the Google Threat Analysis Group.
As the dust settles around the Dyn DNS DDoS attack, the perpetrator is most likely not a state actor, according to the director of national intelligence and Flashpoint.
A U.S. district judge grants the defendants in a child porn case the right to know whether the FBI used the vulnerabilities equities process before the hack of the Playpen Tor hidden service site.
Researchers devised a way to exploit the Rowhammer hardware vulnerability on Android devices and gain root access by using an app with no special permissions.
Users and companies suffer after Dyn DNS DDoS attacks disrupt access to top sites; links to the Mirai botnet raise more questions, as Dyn mops up.
A Linux vulnerability called Dirty COW has existed in the Linux kernel for nine years and allowed attackers to gain root access to virtually all Linux systems.
Malicious links from the DNC hacker group were responsible for account takeovers and leaked emails from the Clinton campaign chairman and Colin Powell.
At least two DNS DDoS attacks on Dyn are disrupting access to many popular websites; users and companies in the Eastern U.S. are impacted.
Roundup: Firefox browser will reject SHA-1 certificates as soon as Mozilla announces further details relating to the deprecation of the outdated algorithm; plus, Oracle patches and more.
Researchers devised an exploit of an Intel chip flaw that allows an adversary to bypass ASLR protection and potentially boost the effectiveness of an attack on any platform.
A cybersecurity audit of the U.S. Secret Service found 'unacceptable vulnerabilities' that leave the possibility of insider-threat activity and privacy violations.
The first auction of NSA cyberweapons didn't generate much money for the Shadow Brokers, so the group is changing tactics with a direct sale of the files.
A certificate revocation list mis-issued by GlobalSign as it attempted to tidy its root certificates left website owners scrambling to address cert errors and restore safe browsing icons.
The Pork Explosion flaw in the app bootloader provided by Foxconn creates an Android backdoor which could give an attacker dangerous levels of access.
The Odinaff banking Trojan has been found targeting the SWIFT messaging system at financial institutions around the world and may have links to the infamous Carbanak group.
News roundup: As Adobe patches 83 vulnerabilities in Flash Player, Acrobat and Reader, the good news is none have been exploited in the wild -- yet. Plus, IoT threats and more.
Akamai researchers discovered how unknown threat actors are using an SSH flaw to secretly gain control of IoT devices and turn them into proxies for malicious traffic.
Top Security Story
Essential Guide: Windows XP security after end of updates for XP SearchSecurity.com | 08 Apr 2014
Learn about security implications of the April 2014 Windows XP end-of-life date and the end of XP security updates, plus planning an XP migration.