News

News

• March 30, 2017 30 Mar'17

  Experts debunk strong encryption claims by FBI's Comey

  FBI Director James Comey clearly laid out his views on strong encryption and urged more conversation, but experts say his arguments fall flat and may even be misleading.

• March 30, 2017 30 Mar'17

  Google's Project Zero Prize uncovers zero Android remote exploits

  After six months, Google's Project Zero Prize competition uncovered zero Android remote exploits: no bugs, no prizes, no entries.

• March 29, 2017 29 Mar'17

  Potential SSL API flaw could reveal private keys

  A researcher claims to have found Symantec SSL API issues with extremely dangerous consequences, but a lack of evidence causes confusion.

• March 24, 2017 24 Mar'17

  Encryption debate needs to be nuanced, FBI's Comey says

  FBI Director James Comey brought the encryption debate back to the forefront by asking for a 'nuanced and thoughtful' conversation on the topic before there is a serious attack.

• March 24, 2017 24 Mar'17

  Google considers options on Symantec certificate authority 'failures'

  Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• March 24, 2017 24 Mar'17

  Comodo to open its Certificate Transparency logs to all CAs

  Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA.

• March 24, 2017 24 Mar'17

  Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks

  News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more.

• March 23, 2017 23 Mar'17

  DV certificates abused, but policing may not be possible

  Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue.

• March 22, 2017 22 Mar'17

  Risk & Repeat: Accused Yahoo hackers indicted

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the indictments of the alleged Yahoo hackers and how the attackers minted Yahoo authentication cookies.

• March 22, 2017 22 Mar'17

  HTTPS interception, middlebox models under fire

  HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position.

• March 21, 2017 21 Mar'17

  WikiLeaks' disclosure of CIA hacks comes with requirements

  WikiLeaks reportedly made demands of vendors at risk from the Vault 7 CIA hacks, but without knowing what the requirements are, experts are unsure how to react.

• March 21, 2017 21 Mar'17

  FBI investigating Trump campaign ties to Russia, DNC breach

  FBI Director James Comey confirmed the bureau is investigating the Trump campaign's ties to the Russian government and election cyberattacks such as the DNC breach.

• March 17, 2017 17 Mar'17

  Yahoo fallout: Minted authentication cookies raise concerns

  Although minting authentication cookies is not widely understood, the Yahoo hacker indictments has brought it to the forefront and shown it can be very dangerous.

• March 17, 2017 17 Mar'17

  Will the Yahoo breach indictments be an effective hacker deterrent?

  The Department of Justice indicted suspects in the 2014 Yahoo breach, but experts are unsure if this will prove to be an effective hacker deterrent moving forward.

• March 17, 2017 17 Mar'17

  Patched Apache Struts vulnerability exploited in the wild

  News roundup: An Apache Struts vulnerability is still being exploited, despite being patched. Plus, WhatsApp and Telegram release patches; Assange contacts Microsoft; and more.

• March 15, 2017 15 Mar'17

  DOJ indicts suspected Yahoo hackers from Russia; extradition unclear

  The U.S. Department of Justice indicted four men -- including two Russian Federal Security Service officers -- accused of being the Yahoo hackers, but only one person was arrested.

• March 15, 2017 15 Mar'17

  Risk & Repeat: Leak of CIA hacking tools creates confusion

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the confusion around WikiLeaks' release of government documents regarding CIA hacking tools.

• March 14, 2017 14 Mar'17

  Nine critical Windows security bulletins in Patch Tuesday

  After its cancelled February Patch Tuesday, Microsoft's March 2017 Patch Tuesday includes nine critical Windows security bulletins targeting remote code execution flaws.

• March 14, 2017 14 Mar'17

  Is the antivirus industry dead? Experts weigh in

  RSAC 2017: With malware-detecting software increasingly coming under fire for vulnerabilities, find out what the experts had to say about the future of the antivirus industry.

• March 14, 2017 14 Mar'17

  Deprecated SHA-1 certificates trip up SAP Ariba

  SHA-1 certificates are still in play, despite browser deprecation, as SAP Ariba advises legacy users to use unpatched browsers to avoid error messages, blocked access.

• March 14, 2017 14 Mar'17

  Android ransomware and more pre-installed on devices

  Security researchers found Android ransomware and malware pre-installed on popular devices, putting users at risk for information theft, tracking and more.

• March 10, 2017 10 Mar'17

  Report on zero-day vulnerabilities highlights shelf life, overlap

  News roundup: Report on zero-day vulnerabilities questions government stockpiling. Plus, Comey talks encryption and privacy, FCC blocks consumer protection rule, and more.

• March 10, 2017 10 Mar'17

  WikiLeaks vows to disclose CIA hacking tools; CIA to investigate

  WikiLeaks founder Julian Assange promised to work with vendors to help patch products vulnerable to CIA hacking tools, while the FBI and CIA will investigate the leak.

• March 09, 2017 09 Mar'17

  Operation Rosehub patches Java vulnerabilities in open source projects

  Google employees recently completed Operation Rosehub, a grass roots effort that patches a set of serious Java vulnerabilities in thousands of open source projects.

• March 08, 2017 08 Mar'17

  Responsible vulnerability disclosure lacking by CIA and WikiLeaks

  Experts criticize both WikiLeaks and the CIA for failing responsible vulnerability disclosure around the Vault 7 documents, and question the CIA's use of the VEP.

• March 08, 2017 08 Mar'17

  Vault 7 CIA hacking weapons include iOS, Android and Windows zero days

  WikiLeaks released a massive dump of files it claims to be CIA hacking tools, codenamed Vault 7, which includes iOS and Android zero-day exploits.

• March 06, 2017 06 Mar'17

  FBI chooses to protect Tor vulnerability and dismiss child porn case

  The Department of Justice dropped a child pornography case in order to avoid disclosing a Tor vulnerability; dozens more cases potentially affected.

• March 06, 2017 06 Mar'17

  New cybersecurity report gets the hacker perspective

  A new cybersecurity report used a hacker survey to offer a perspective on IT that can often be overlooked and found there may not be any easy answers.

• March 03, 2017 03 Mar'17

  Slack hack threatened to expose user account data and messages

  News roundup: A researcher discovers a Slack hack through stolen tokens. Plus, another WordPress flaw puts 1 million users at risk; Necurs botnet does DDoS now; and more.

• March 03, 2017 03 Mar'17

  Cloudflare security team calms fears over Cloudbleed bug

  Cloudflare security researchers continue investigations as CEO calms fears over potential exposure of sensitive personal data by the Cloudbleed bug, though doubts remain.

• March 02, 2017 02 Mar'17

  Employees knew about Yahoo security breach years ago, per new SEC filing

  A new SEC filing details who knew about the major Yahoo security breach in 2014, but experts are confused by the repercussions of the announcement.

• February 28, 2017 28 Feb'17

  Edge and IE vulnerability disclosed by Project Zero

  Google Project Zero's 90-day disclosure policy bites Microsoft again, as a zero-day Edge and IE vulnerability is made public before a patch is available.

• February 27, 2017 27 Feb'17

  Chrome backs out of TLS 1.3 support after proxy issues

  After Google rolled out the latest version of Chrome, Blue Coat proxy software issues prompt rollback of TLS 1.3 support in latest version of Chrome browser.

• February 24, 2017 24 Feb'17

  Experts: Government Vulnerabilities Equities Process should be law

  Experts say codifying the Vulnerabilities Equities Process into law would increase transparency and trust regarding vulnerability disclosure by the government.

• February 24, 2017 24 Feb'17

  RSA Conference 2017: Are software regulations coming for developers?

  Security expert Bruce Schneier said programmers' freedom to code whatever they want will likely come to an end. Should the industry brace itself for software regulations?

• February 24, 2017 24 Feb'17

  Suspect in Mirai malware attack on Deutsche Telekom arrested

  News roundup: U.K. authorities arrested a suspect in the Mirai malware attack on Deutsche Telekom. Plus, a judge denies a government request to collect fingerprints, and more.

• February 24, 2017 24 Feb'17

  Project Zero discovers Cloudflare bug leaking sensitive customer data

  The Cloudflare bug in CDN is fixed after causing sensitive customer data to leak. Google Project Zero discovered the flaw, and users were warned to change passwords.

• February 23, 2017 23 Feb'17

  BeyondCorp brings software-defined network security to Google

  Google restructured its network security with the BeyondCorp program and wants to show other organizations how to move past firewalls.

• February 23, 2017 23 Feb'17

  SHA-1 deprecation more important after hash officially broken

  SHA-1 deprecation in browsers comes as researchers create hash collisions and Google offers website and developer tools to protect against malicious uses.

• February 22, 2017 22 Feb'17

  Risk & Repeat: RSA Conference 2017 highlights and trends

  In this episode of SearchSecurity's Risk & Repeat podcast, editors recap RSA Conference 2017 and discuss how the show addressed many security problems, but had very few answers.

• February 22, 2017 22 Feb'17

  Understanding of security remediation differs for CISOs, researchers

  One expert warned there can be a disconnect between what security remediation means to CISOs and what researchers announce because of divergent objectives.

• February 22, 2017 22 Feb'17

  Microsoft commits to GDPR compliance in the cloud by 2018 deadline

  Microsoft vows GDPR compliance in all cloud services when enforcement of the new EU data privacy regulation begins in May 2018, but companies still must take action to avoid fines.

• February 21, 2017 21 Feb'17

  Google discloses Windows vulnerability after canceled Patch Tuesday

  Google Project Zero discloses a Windows vulnerability that passed the 90-day deadline. And it comes soon after Microsoft canceled its Patch Tuesday release.

• February 21, 2017 21 Feb'17

  Windows 10 privacy issues persist, says EU privacy watchdog

  Windows 10 privacy issues remain as EU's top privacy watchdog group, the Article 29 Working Party, issues a second warning letter to Microsoft to simplify, clarify data collection.

• February 17, 2017 17 Feb'17

  Microsoft Patch Tuesday February release delayed by a month

  News roundup: Microsoft Patch Tuesday was canceled in February without a clear reason. Plus, APT28 is linked to new Mac malware; Lazarus targets more banks and more.

• February 17, 2017 17 Feb'17

  Q&A: Digging into darknet technology with Farsight's Andrew Lewman

  At RSAC, former Tor Project CEO Andrew Lewman explains the latest research into darknet technology and how that tech continues to evolve as an attack vector.

• February 16, 2017 16 Feb'17

  Connected medical devices spark debate at RSA Conference session

  An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility.

• February 16, 2017 16 Feb'17

  Experts debate national cybersecurity policy suggestions at RSAC 2017

  Experts at RSAC 2017 discussed national cybersecurity policy suggestions for the new presidential administration, including what to do about encryption and the DHS mission.

• February 16, 2017 16 Feb'17

  Q&A: Yubico brings FIDO authentication protocol to the masses

  Yubico founder and CEO Stina Ehrensvard spoke with SearchSecurity at RSAC 2017 about FIDO authentication and how Google uses it to secure logins and cut costs.

• February 16, 2017 16 Feb'17

  RSA Conference speakers tackle tech immigration reform, travel ban

  Several speakers made pro-immigration remarks at RSA Conference 2017 and called for tech immigration reform following President Trump's controversial executive order.

• February 15, 2017 15 Feb'17

  Upcoming cybersecurity executive order leaves RSAC experts optimistic

  Experts at RSAC 2017 discussed the upcoming cybersecurity executive order from the new presidential administration and how the NIST Framework strengthens the plan.

• February 15, 2017 15 Feb'17

  Do IoT security risks require new legislation or will standards suffice?

  In a panel discussion about current IoT security risks, experts at RSA Conference 2017 weigh government legislation options against industry self-regulation.

• February 15, 2017 15 Feb'17

  Bruce Schneier: It's time for internet-of-things regulation

  Speaking at RSA Conference 2017, security expert Bruce Schneier called for the creation of a new government agency to oversee internet-of-things regulation.

• February 15, 2017 15 Feb'17

  Christopher Young: Don't sleep on the Mirai botnet

  RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security's Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is.

• February 15, 2017 15 Feb'17

  State-sponsored hacking needs to stop, says Congressman McCaul

  Rep. Michael McCaul took a harsh stance on Russian state-sponsored hacking at RSA Conference 2017 and pushed the U.S. government to do more to stop such attacks.

• February 14, 2017 14 Feb'17

  RSA panel covers cryptography trends, elections and more

  Panel at RSAC on cryptography trends offers views on AI's coming domination of cybersecurity, quantum computing and quantum cryptography, politics and elections and more.

• February 14, 2017 14 Feb'17

  Microsoft: Nation-state cyberattacks have changed the security game

  Microsoft's Brad Smith spoke at RSA Conference 2017 about the effects of nation-state cyberattacks and what businesses and governments can do about them.

• February 14, 2017 14 Feb'17

  Ramzan advocates collaborative security in RSAC keynote

  Zulfikar Ramzan opens RSA Conference 2017 by reminding enterprises that just as cyberattacks have long-tail repercussions, so too do collaborative security decisions made in business.

• February 14, 2017 14 Feb'17

  RSA President Rohit Ghai details new cybersecurity platform at RSAC 2017

  Michael Dell introduces RSA's newly appointed president, Rohit Ghai, who is set to lead the cybersecurity firm as it implements its new Business Driven Security platform.

• February 14, 2017 14 Feb'17

  Nation-state cyberattacks rising, warns former NSA director

  Speaking at RSA Conference 2017, former NSA Director Keith Alexander warned of increased nation-state cyberattacks and called for an overhaul of U.S. government cybersecurity.

• February 13, 2017 13 Feb'17

  Ransomware threat continues to evolve, defense needs to catch up

  With the rapid expansion of the ransomware threat landscape, defenders are scrambling to find ways to fight back. RSAC 2017 dedicated a full day for a ransomware seminar.

• February 10, 2017 10 Feb'17

  Trump tells White House cybersecurity officer, 'You're fired'

  Rumors have been confirmed that President Trump has fired the White House cybersecurity officer in charge of making sure he and his staff are not hacked.

• February 10, 2017 10 Feb'17

  Corero: Telecom carriers have fallen behind on DDoS defense

  Corero Network Security's Dave Larson talks with SearchSecurity about how DDoS defense has changed and why telecom service providers have struggled to keep up with new threats.

• February 10, 2017 10 Feb'17

  NSA contractor indicted for stealing elite cyberweapons over 20 years

  The NSA contractor accused of stealing elite cyberweapons over the course of 20 years, but his connection to the Shadow Brokers auction of similar hacking tools is still unclear.

• February 10, 2017 10 Feb'17

  Is the Ticketbleed flaw the new Heartbleed vulnerability?

  News roundup: F5 virtual server flaw, dubbed Ticketbleed, is similar to Heartbleed. Plus, DHS is considering requiring social media passwords on visa applications, and more.

• February 09, 2017 09 Feb'17

  IoT security threat to become real post-Mirai at RSA Conference 2017

  IoT security tops the list of RSA Conference 2017 submissions after IoT devices were abused by threat actors, but the topics experts worry about are much more far-reaching.

• February 08, 2017 08 Feb'17

  Five things to watch at RSA Conference 2017

  With no single trend or theme dominating at RSA Conference 2017, this year's show will still have plenty of material on machine learning, IoT security and much more.

• February 08, 2017 08 Feb'17

  Rapid7's Brown and Beardsley address IoT security issues

  Rapid7's Rebekah Brown and Tod Beardsley talk about IoT security issues, including new cars, blaming users for poor implementations and why NAT is the best firewall ever.

• February 07, 2017 07 Feb'17

  Corero Network Security on why DDoS mitigation strategy must improve

  Corero Network Security's Dave Larson talks with SearchSecurity about how the Mirai botnet attacks have forced companies to change their DDoS mitigation strategy.

• February 07, 2017 07 Feb'17

  Google to appeal after loss in cloud data privacy case

  Further battle over cloud data privacy is imminent, as a court decides against Google and declines to consider Microsoft's recent appeal victory as precedent.

• February 07, 2017 07 Feb'17

  SQL Slammer worm makes a comeback 14 years later

  The SQL Slammer worm returned to take down systems that have been left unpatched for the past 14 years, but experts are unsure if the attacks will continue.

• February 06, 2017 06 Feb'17

  Q&A: Rapid7's Beardsley and Brown take on bug bounty programs, IoT

  Rapid7's Beardsley and Brown are back with more insight into vulnerability disclosure, the value of bug bounty programs and, of course, IoT.

• February 03, 2017 03 Feb'17

  Microsoft delays Windows zero-day patch; researcher drops exploit code

  Microsoft decided to delay a Windows zero-day patch by two months, prompting the researcher who found it to post the proof-of-concept exploit code.

• February 03, 2017 03 Feb'17

  Experts debate effects of government cybersecurity executive order

  A leaked version of a draft of a government cybersecurity executive order from President Trump has experts debating the effects such an order would have.

• February 03, 2017 03 Feb'17

  Google G Suite updates aim to improve phishing protection

  News roundup: Google updates G Suite with stronger authentication. Plus, WordPress secretly patches vulnerabilities, malware is likely to infect entire OSes, and more.

• February 02, 2017 02 Feb'17

  Pentagon hack possible due to bad vulnerability management

  A researcher finds unpatched flaws in DOD systems that may have already allowed a Pentagon hack, and the government is doing nothing to remediate the issue.

• February 01, 2017 01 Feb'17

  Tatu Ylonen explains the risks of IoT SSH implementations

  SSH creator Tatu Ylonen explains why IoT SSH implementations can be dangerous and presents real-world examples of threat actors abusing SSH keys to attack enterprises.

• February 01, 2017 01 Feb'17

  In 2017, cybersecurity attacks will follow your data

  Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of ...

• January 31, 2017 31 Jan'17

  RSA Conference 2017 "not impacted" by Trump's executive order

  RSA Conference 2017 hasn't been affected by President Trump's recent executive order, but the travel ban has still send shockwaves through the tech industry.

• January 31, 2017 31 Jan'17

  RSAC 2017 Innovation Sandbox highlights top 10 cyber startups

  RSAC 2017: Innovation Sandbox competition pits this year's top 10 cybersecurity startups against each other in a bid to win top honors as most innovative.

• January 31, 2017 31 Jan'17

  Hacked CCTV cameras in DC before inauguration leave unanswered questions

  The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack.

• January 31, 2017 31 Jan'17

  Q&A: Rapid7's Beardsley and Brown dish on Mirai botnet, pen testing

  Rapid7's Beardsley and Brown offer insight on Mirai botnet attacks, while also sharing some of their craziest penetration testing and incident response experiences.

• January 30, 2017 30 Jan'17

  RSA 2017: Special conference coverage

  Follow breaking news from the SearchSecurity team at RSA 2017 in San Francisco to learn the latest developments in the information security industry.

• January 27, 2017 27 Jan'17

  Symantec CA report offers more clarity on certificate transparency catch

  One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.

• January 27, 2017 27 Jan'17

  Google creates its own root certificate authority

  Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.

• January 27, 2017 27 Jan'17

  How improper SSH key management is putting enterprises at risk

  In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.

• January 27, 2017 27 Jan'17

  Americans split on federal government security, encryption attitudes

  News roundup: Half of Americans don't trust federal government security. Plus, a Kaspersky Lab manager was arrested; an internal DOD network was found vulnerable; and more.

• January 26, 2017 26 Jan'17

  More than 200 vulnerabilities found in Trend Micro security products

  Researchers uncovered more than 200 vulnerabilities across Trend Micro products, but experts said the company brand won't take a hit.

• January 26, 2017 26 Jan'17

  Microsoft defeats DOJ appeal in cloud data privacy case

  Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.

• January 26, 2017 26 Jan'17

  Heartbleed bug still found to affect 200,000 services on the web

  Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet and experts don't expect that number to change.

• January 25, 2017 25 Jan'17

  Risk & Repeat: Windows SMB warning raises questions, concerns

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.

• January 25, 2017 25 Jan'17

  Project Zero finds Cisco WebEx vulnerability in browser extensions

  A critical Cisco WebEx vulnerability in the service's browser extensions was discovered and patched, though some disagree the patch goes far enough to protect against attack.

• January 24, 2017 24 Jan'17

  Certificate Transparency snags Symantec CA for improper certs

  Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates.

• January 23, 2017 23 Jan'17

  SEC to investigate the Yahoo breach disclosures

  The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner.

• January 20, 2017 20 Jan'17

  Tatu Ylonen: Bad SSH security practices are exposing enterprises

  SSH creator Tatu Ylonen talks with SearchSecurity about how the cryptographic network protocol has grown over the years and why poor SSH security is jeopardizing enterprises today.

• January 20, 2017 20 Jan'17

  Future of the federal CISO position in question as Touhill steps down

  Retired Brig. Gen. Gregory Touhill stepped down as the federal CISO, leaving questions surrounding the future of the position and the work he has done.

• January 20, 2017 20 Jan'17

  Carbanak gang using Google services for command and control

  Researchers find the Carbanak gang has evolved its attacks on financial institutions to use Google services for command and control infrastructure in malware.

• January 20, 2017 20 Jan'17

  Vulnerable Adobe extension downloads covertly to Chrome

  News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.

• January 19, 2017 19 Jan'17

  Windows 10 security tackles exploits, while Windows 7 gets a warning

  As Microsoft touted its Windows 10 security features defeating unpatched zero-day vulnerabilities, it also warned customers about security issues with Windows 7.

• January 19, 2017 19 Jan'17

  US-CERT reminds users that Windows SMB v1 needs to die

  Experts say US-CERT is taking advantage of a potential -- but unverified -- vulnerability in Windows SMB v1 to remind enterprise users the outdated service should be disabled.