IPv6 security and network protocols security
- February 05, 2020
Armis Security disclosed five vulnerabilities, dubbed 'CDPwn,' in Cisco's Discovery Protocol, which impact 'tens of millions' of Cisco devices such as routers and IP phones.
- May 06, 2019
Cisco released a patch for a critical vulnerability in Nexus 9000 switches that could allow a remote attacker to gain root access because of the use of a default SSH key pair.
- January 03, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.
- December 29, 2017
Protocol scrutiny is good for the upcoming TLS 1.3 update as the process continues to expose, and fix, problems.
- June 15, 2017
Microsoft claims recent WannaCry attacks did not influence the decision to disable SMBv1 by default in the next major Windows updates.
- June 13, 2017
The recent IPv6 update from the IETF introduces new security and privacy recommendations. Expert Fernando Gont explains these changes and what they mean for organizations.
- May 05, 2017
News roundup: Attackers exploit SS7 vulnerability and drain bank accounts. Plus, Trump signs government IT executive order, an Intel AMT flaw threatens millions and more.
- March 14, 2017
SHA-1 certificates are still in play, despite browser deprecation, as SAP Ariba advises legacy users to use unpatched browsers to avoid error messages, blocked access.
- February 27, 2017
After Google rolled out the latest version of Chrome, Blue Coat proxy software issues prompted a rollback of TLS 1.3 support in the browser.
- February 23, 2017
SHA-1 deprecation in browsers comes as researchers create hash collisions and Google offers website and developer tools to protect against malicious uses.
- February 14, 2017
Panel at RSAC on cryptography trends offers views on AI's coming domination of cybersecurity, quantum computing and quantum cryptography, politics and elections and more.
- February 01, 2017
SSH creator Tatu Ylonen explains why IoT SSH implementations can be dangerous and presents real-world examples of threat actors abusing SSH keys to attack enterprises.
- January 27, 2017
In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.
- January 20, 2017
SSH creator Tatu Ylonen talks with SearchSecurity about how the cryptographic network protocol has grown over the years and why poor SSH security is jeopardizing enterprises today.
- December 30, 2016
In this episode of SearchSecurity's Risk & Repeat podcast, SSH creator Tatu Ylonen talks about the SSH security issues facing enterprises today and how they should be addressed.
- November 21, 2016
As the internet prepares for deprecation of the obsolete secure hashing algorithm, Google and other browser companies prepare to drop support for SHA-1 certificates.
- October 13, 2016
Akamai researchers discovered how unknown threat actors are using an SSH flaw to secretly gain control of IoT devices and turn them into proxies for malicious traffic.
- September 28, 2016
New SWIFT security policy will mandate baseline controls for banking partners, but experts are unsure how effectively the changes can be enforced.
- September 28, 2016
Domain name system watchdog ICANN has begun the process of updating the DNS root zone signing key to strengthen DNSSEC protection against man-in-the-middle attacks.
- August 31, 2016
SWIFT told clients there have been more attacks on its bank messaging system and some have resulted in bank thefts, but no solutions to security are available.
- August 18, 2016
The SWIFT banking system had a number of high-profile hacks earlier this year, and execs are now admitting they ignored security issues until it was too late.
- August 05, 2016
Black Hat researchers report flaws in key web protocols, demonstrating widespread flaws in HTTP/2 implementations; Banner Health announces breach affecting 3.7 million.
- July 18, 2016
John Curran, ARIN chief, explains IPv6 connectivity progress and gives compelling security arguments in favor of IPv6 support sooner rather than later.
- July 14, 2016
A year after the depletion of the IPv4 address space, ARIN chief John Curran talks about IPv6 benefits, the IPv6 NAT conundrum and the importance of offering IPv6 connectivity.
- July 12, 2016
SWIFT attempts to improve banking security include partnerships with two cybersecurity firms, and the creation of a new Customer Security Intelligence team.
- June 08, 2016
Following a number of attacks on the SWIFT banking system that led to the theft of millions of dollars, SWIFT promised new rules to improve security for bank transfers.
- May 26, 2016
In order to stop metadata snooping by law enforcement and hackers, a proposed spec aims to improve DNS privacy with TLS.
- April 15, 2015
PCI DSS 3.1 grants merchants about 14 months to nix flawed SSL and TLS protocols, but demands they quickly provide detailed new documentation on how they plan to make the transition.
- April 05, 2015
Experts say even enterprises that carefully secure TLS may still be at the mercy of the numerous security issues affecting the SSL ecosystem.
- March 31, 2015
Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities.
- March 30, 2015
The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.
- March 23, 2015
Cisco says a vulnerability in some of its IP phones for SMBs could allow eavesdropping. A fix is not yet available, but Cisco has offered mitigation techniques.
- December 22, 2014
According to researchers, the most severe of several newly discovered Network Time Protocol security flaws can be exploited remotely with a single packet.
- September 19, 2014
News roundup: Rogue cell phone towers are popping up across the United States, heightening enterprise communication and data privacy concerns. Plus: Goodwill breach update; Adobe patches released; and security in 2025.
- July 02, 2014
Heartbleed exposed a number of long-standing issues at OpenSSL, but the open source encryption project has laid out plans to improve the organization.
- June 30, 2014
A Gartner analyst says SDN security issues abound because of lacking security controls, little interoperability and shaky management features.
- May 16, 2014
Uneven response efforts have left hundreds of thousands of servers and other devices vulnerable to the Heartbleed OpenSSL vulnerability.
- April 24, 2014
A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues.
- April 10, 2014
Analysis: The 'Heartbleed' OpenSSL vulnerability is one of the worst bugs a SANS expert has seen, and that's before the fallout is fully understood.
- August 26, 2013
At VMworld 2013, VMware unveiled its next-gen network virtualization platform, NSX, and an ecosystem partnership with the security industry.
- August 09, 2013
Neohapsis' Scott Behrens explains how having both IPv4 and IPv6 Internet protocols enabled can lead to man-in-the-middle attacks.
- February 06, 2013
HD Moore unveiled research showing wide-scale UPnP security issues last week, but some of the problems have been known for years.
- November 26, 2012
Weak passwords may be enabling attackers to hack the DNS records of some Go Daddy hosted websites to spread ransomware.
- January 12, 2012
Tools, services and support are available, but experts believe a watershed moment is what is needed to push enterprises into DNSSEC adoption.
- August 19, 2011
IBM’s Secure Open Wireless method could secure public Wi-Fi networks automatically and prevent attackers from snooping and stealing users’ data.
- August 03, 2011
Noted researcher Dan Kaminsky presented his latest network security research topics, including vulnerabilities in P2P networks, UPnP and home routers.
- June 07, 2011
Experts say suspect IPv6 security features in commercial products and weaknesses in the protocol could be exploited by attackers.
- May 19, 2011
Researchers at Virginia Tech have created a tool called Moving Target IPv6 Defense in order to address looming IPv6 security issues.
- March 23, 2011
A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.
- February 16, 2011
Dan Kaminsky and other experts involved in DNSSEC deployments, during an RSA Conference 2011 session, urged enterprises to consider rolling out support for the new Internet protocol.
- February 15, 2011
Many network security professionals take the wrong approach when testing their networks, according to one prominent security expert.
- February 15, 2011
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft's proposed Internet health check system for consumer computers, and how it should be implemented not by governments ...
- July 30, 2010
Announced at this week's Black Hat Briefings, root servers and Internet domains have now been signed with DNSSEC.
- July 29, 2010
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack.
- July 14, 2010
Ivan Ristic of Qualys Inc.'s SSL Labs is studying thousands of SSL implementations to document configuration errors and protocol issues.
- January 20, 2010
Arbor Networks Inc. survey finds angst over botnet attacks targeting underlying systems, including DNS, load balancers and other back-end infrastructure.
- December 24, 2009
While some security experts call the Twitter incident a non-issue, others say it is a reminder of DNS weaknesses and the need for better authentication.
- September 11, 2009
DNSSEC isn't a cure-all for DNS security issues. It won't stop drive-by attacks, protect against denial-of-service attacks or any other kind of attacks that piggyback on top of the DNS and depend upon social engineering for success. But it does ...
- September 09, 2009
With attack code widely available, companies could take steps to mitigate the threat. Windows 7 and Vista users are at risk.
- June 25, 2009
Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System (DNS). Kaminsky revealed during last year's Black Hat Briefings a technique that made it ...
- October 01, 2008
Two security experts have found several basic problems with TCP, enabling them to execute DoS and other attacks against virtually any Internet-facing TCP-enabled device.
- August 30, 2007
Security flaws in Cisco CallManager and Unified Communications Manager could be exploited for cross-site scripting and SQL injection attacks, but a security update is available.
- March 06, 2007
A database security vendor says database client-server protocols are being targeted by attackers. An analyst says enterprises are adding defenses.
- December 05, 2006
As director of training and certification for the Bethesda, Md.-based SANS Institute, Stephen Northcutt is always looking for better ways to prepare IT professionals for the threats of cyberspace. This year's SANS Top 20 Attack Targets list has ...
- November 16, 2006
This week in Security Blog Log: Some experts ponder whether the SANS Institute's Top 20 vulnerability list is as valuable as it once was. Others weigh in on the VoIP threat.
- December 09, 2005
Just by browsing your competitor's Web site, you might be giving away your company's most guarded secrets. Experts offer advice for countering the subterfuge and keeping secrets safe.
- November 23, 2005
The VoIP Security Alliance recently created a "Threat Taxonomy" outlining threats, and vendors are flooding the market with security products. What should companies be afraid of?
- October 25, 2005
Attackers could cause a denial-of-service attack or launch malicious code by exploiting vulnerabilities in the Internet telephony software. But fixes are available.
- November 16, 2004
Because DNS is becoming a larger attack vector, appliances that manage IP addresses will grow more prominent, Burton Group said.
- October 28, 2004
A rise in enterprises using VoIP technology has highlighted security and spam concerns.
- May 13, 2004
In a spring where alerts poured into mailboxes like April showers, one announcing major flaws in the Transmission Control Protocol got a lot of attention. Perhaps too much.
- April 22, 2004
Experts said no one should panic over the Transmission Control Protocol (TCP) vulnerability announced Wednesday.
- January 13, 2004
Microsoft released three patches Tuesday afternoon, one of them for a critical flaw in its Internet Security and Acceleration Server 2000.
- March 14, 2002
Users and vendors are paying serious attention to the recently announced security flaw in Simple Network Management Protocol (SNMP). Recently, Edward Hurley, SearchSecurity's assistant news editor, spoke with Kevin Schmidt, lead software engineer at...
- February 13, 2002
SNMP flaw is serious, fix isn't easy