News
- April 01, 2015
Defending against the digital invasion
As attackers move beyond “spray and pray” tactics to advanced persistent threats, having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or ...
- March 31, 2015
Amid growing SSL concerns, Qualys expands free public SSL tester
Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities.
- March 31, 2015
New PCI SSC penetration testing guidelines aim to be more prescriptive
The PCI SSC has issued prescriptive new supplemental guidance on penetration testing in an effort to reverse current trends and improve merchant compliance.
- March 30, 2015
PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities
The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.
- March 27, 2015
Is the RSA 2015 'booth babe' ban a win for women in security?
News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...
- March 27, 2015
Social engineering techniques are becoming harder to stop, experts say
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
- March 25, 2015
Study finds lack of investment in mobile app security
The Ponemon Institute says enterprises are devoting millions of dollars to mobile application development, but barely any of the money is focused on security.
- March 25, 2015
Major browser makers revoke unauthorized Chinese TLS certificates
Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.
- March 25, 2015
Secunia: Better vulnerability reporting doesn't mean more patches
Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.
- March 24, 2015
BandarChor: New ransomware based on old malware family emerges
Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family.
- March 23, 2015
Open source security tool indicates Android app vulnerability spike
A new open source security tool from CERT, dubbed 'Tapioca,' shows that Android app vulnerabilities are ubiquitous, according to new research from IBM.
- March 23, 2015
Cisco IP phones vulnerable to eavesdropping; no patch available yet
Cisco says a vulnerability in some of its IP phones for SMBs could allow eavesdropping. A fix is not yet available, but Cisco has offered mitigation techniques.
- March 20, 2015
At 2015 Pwn2Own competition, browser exploits in the spotlight
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased out in Windows 10; Americans dodging online surveillance.
- March 18, 2015
Experts: Consumer Privacy Bill of Rights may ease privacy compliance
The Consumer Privacy Bill of Rights proposed by the Obama administration is a good first step, according to experts, and may simplify privacy compliance for enterprises currently dealing with many different state laws.
- March 17, 2015
Yahoo’s attempt to kill off passwords raises security concerns
Yahoo’s attempt to kill off passwords by introducing an on-demand one-time passcode option for its email services has raised security concerns.
- March 17, 2015
Microsoft warns of fake SSL certificate for Windows Live
Microsoft has warned that a fake security certificate has been issued for the Windows Live domain that could be abused by attackers.
- March 16, 2015
Microsoft re-releases EMET 5.2 to fix IE bug
Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.
- March 13, 2015
Hillary Clinton email debate highlighted by security mistakes
News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.
- March 13, 2015
Does Rowhammer mark a new wave of hardware vulnerabilities?
Experts agree that the Rowhammer vulnerability likely isn't an immediate threat to enterprises, but disagree on whether hardware vulnerabilities are about to reach a tipping point.
- March 11, 2015
Verizon 2015 PCI report: More achieve PCI compliance, but fail to keep it
The 2015 edition of the Verizon PCI report shows enterprises are, on the whole, getting better at achieving full PCI compliance. Unfortunately, few can sustain it.
- March 11, 2015
Study warns security certificates, cryptographic keys are in peril
A growing number of cryptographic keys and security certificates are being abused, according to a new study from cybersecurity firm Venafi and the Ponemon Institute.
- March 11, 2015
HP enterprise security: Can acquisitions lead to cohesive strategy?
Through acquisitions Hewlett-Packard has built a formidable lineup of enterprise security offerings, but experts question whether a strong brand can overcome legacy technology and a lacking endpoint strategy.
- March 10, 2015
March 2015 Patch Tuesday: Microsoft offers quick FREAK fix
Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes, but surprisingly, an expert says one of the fixes deemed non-critical actually demands immediate attention.
- March 10, 2015
Venmo struggles put spotlight on mobile payment security
The mobile payment app maker responds to criticism by stepping up security with better verifications and notifications for email and phone number changes.
- March 10, 2015
Rowhammer takes a big swing at DRAM memory security
Google's Project Zero has detailed a new proof-of-concept exploiting the "rowhammer" DRAM flaw to allow for root access on various operating systems.
- March 09, 2015
For threat intelligence programs, ROI evaluation proves tricky
Threat intelligence programs are taking root in many enterprises, but experts say variables like disparate service offerings, pricing models and response capabilities make ROI evaluation a vexing proposition.
- March 09, 2015
Group claiming links to Isis hacks small business websites
The FBI is investigating the hacking of a number of SME websites in the US and Europe by people claiming affiliation with Islamic State.
- March 06, 2015
Adobe's new twist on bug bounty programs: No cash for bug hunters
News roundup: Bug bounty programs can offer big rewards to researchers, unless Adobe is handing out the prizes. Plus: Signal 2.0 encryption app; app cloning risk increasing; Angler adopts 'domain shadowing' capability.
- March 05, 2015
Microsoft confirms Windows vulnerable to FREAK attack
The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.
- March 05, 2015
Emerging cyberthreats exploit battle between compliance and security
While regulatory compliance is valuable and necessary for enterprises, cyberthreat experts say a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats.
- March 05, 2015
China and US cross swords over software backdoors
Barack Obama criticises Chinese plans to force tech firms trading in China to share encryption keys and put backdoors in software.
- March 04, 2015
Big data security analytics: Can it revolutionize information security?
Demetrios Lazarikos describes the security big data system he implemented at retail giant Sears, as well as how it helped thwart retail fraud activity and how he convinced executives to support the implementation.
- March 04, 2015
Why Hillary can't mail
Reporting by The New York Times notwithstanding, it appears to this non-lawyer that Hillary Clinton probably didn't break any laws by using a personal email account to conduct state business. But ...
- March 04, 2015
Maturing NoSQL database security is key to big data analytics
NoSQL database security has taken a backseat to performance in Hadoop-based security big data analytics systems, but that may soon change thanks to growing demand and maturing NoSQL security products.
- March 03, 2015
Amid Apple Pay fraud, banks scramble to fix Yellow Path process
Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems.
- March 02, 2015
Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso
There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.
- March 02, 2015
Uber database breach source of stolen driver information
Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.
- March 02, 2015
New scrutiny on bug bounties: Is there strength in numbers?
Bug bounty programs are a cool idea and often work, so why haven't they taken off for non-tech companies?
- March 02, 2015
Is the bug bounty program concept flawed?
Looking for security vulnerabilities? Tread lightly. The benefits of vulnerability rewards programs are great, but so are the risks.
- March 02, 2015
US retailer Natural Grocers investigates data breach
Natural Grocers is the latest US retailer to announce it is investigating a possible data breach involving customer payment cards.
- February 27, 2015
Data breach consequences: Get breached, make money?
News roundup: Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks. Plus: Gemalto confirms possibility of GCHQ/NSA hack; Target breach costs company $162 million; Superfish swims on.
- February 26, 2015
HP: Threat intelligence sources need vetting, regression testing
According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.
- February 25, 2015
Google Project Zero changes fuel new vulnerability disclosures debate
Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.
- February 25, 2015
3G and 4G phones not affected by NSA and GCHQ hack, says Gemalto
The world’s largest maker of Sim cards, Gemalto, says it has “reasonable grounds” to believe it was hacked by UK and US spy agencies in 2010 and 2011.
- February 24, 2015
Macro viruses reemerge in Word, Excel files
Macro viruses haven't been popular since the early 2000s, but recent malware discoveries indicate that macro-infected Word and Excel files are on the rise.
- February 24, 2015
Business disruption cyber attacks set to spur defence plans, says Gartner
By 2018, 40% of organisations will have plans to address cyber-security business disruption attacks, up from 0% in 2015, says Gartner.
- February 23, 2015
Slow adoption of DMARC policy leaves email vulnerable, vendor says
A new study finds that enterprises, especially healthcare companies, are slow to adopt the DMARC email authentication standard, making them vulnerable to malicious emailers.
- February 23, 2015
Cisco touts OpenAppID for internal application traffic visibility
Use of Cisco's OpenAppID application-layer traffic-detection tool is still modest compared to Snort, but the networking giant says it can help enterprises improve traffic visibility on internal applications.
- February 23, 2015
Lenovo faces lawsuit for pre-installing Superfish adware
A class action lawsuit has been filed against Lenovo after it was found to have pre-installed adware vulnerable to cyber attacks.
- February 20, 2015
Maintaining vendor trust proves tough for Lenovo, Microsoft
News roundup: Amid hidden add-ons, discontinued services and walled gardens, vendor trust proves elusive for several high-profile tech firms. Plus: Evidence ties North Korea to Sony Pictures hack; card brands boost cybersecurity; and cookies that ...
- February 20, 2015
Flaws in alternative Android browsers pose underestimated risk
Exclusive: VerSprite research on 10 alternative Android browsers has found at least one major security vulnerability in all of them, posing a significant security risk for enterprise Android users.
- February 20, 2015
Gemalto denies knowledge of GCHQ and NSA Sim card hack
Gemalto says it cannot verify a report that it was hacked by the NSA and GCHQ to steal encryption keys.
- February 18, 2015
Password reuse and password sharing prevalent in enterprises
The high percentage of password reuse and sharing by employees leaves enterprises vulnerable to breaches, according to a recent survey from SailPoint Technologies.
- February 18, 2015
When is an ISAC not an ISAC?
A lot of what went on at the White House Summit on Cybersecurity and Consumer Protection, held at Stanford University last week, was for show — a reaction in particular to the attacks allegedly ...
- February 17, 2015
UTM vs. NGFW: Unique products or advertising semantics?
In comparing UTM vs. NGFW, organizations find it difficult to see if there are differences between the two products or if it is just marketing semantics.
- February 17, 2015
International spyware operation linked to NSA
The US National Security Agency has reportedly hidden surveillance software in the hard drives of several top computer makers.
- February 13, 2015
Security information sharing: A double-edged sword
News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.
- February 13, 2015
Prevoty offers context-aware, automatic RASP
Though I’ll admit to a bit of skepticism about Runtime Application Self Protection (RASP), I was nevertheless impressed with a recent look at Prevoty. The two-year-old company’s product, which ...
- February 12, 2015
Report: Firewall policy management is a hot mess
A new report from FireMon finds that firewalls are still a critical security component, but firewall policy management is a major pain point for admins.
- February 10, 2015
February 2015 Patch Tuesday: Group Policy flaw tops three critical fixes
Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.
- February 10, 2015
Will Chip and PIN technology boost payment card transaction security?
Visa and MasterCard are putting pressure on merchants to implement Chip and PIN technology, and while it will improve transaction security, it won't make PCI compliance any easier.
- February 10, 2015
Voltage Security acquisition to bolster HP's data protection offerings
HP has agreed to acquire encryption vendor Voltage Security. Gartner says the move will bolster HP's data protection and cloud security products.
- February 09, 2015
Security professionals warn against relying on cyber insurance
Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks.
- February 06, 2015
Same-origin policy IE vulnerability may signal new attack trend
A new IE vulnerability has led to a proof-of-concept same-origin policy exploit, and some experts say it highlights a technique that may soon become popular among attackers.
- February 06, 2015
Budget, breach law highlight growing federal cybersecurity awareness
News roundup: With the proposed 2016 federal budget and push for a national data breach law, Washington may finally care about cybersecurity. Plus: Coviello to retire; Flash patched again; Sony Pictures breached by Russians and loses its co-chair.
- February 06, 2015
Report: Most enterprise security operations centers ineffective
A new report by HP shows most enterprise security operations centers fail to meet recommended maturity levels needed to detect and manage cybersecurity threats.
- February 05, 2015
Digitally signed malware risk on the rise, Kaspersky finds
Kaspersky reports digitally signed malware -- malicious files using legitimate digital certificates -- is a growing threat to enterprises, increasing four-fold in the past six years.
- February 05, 2015
US health insurer Anthem hacked, exposing up to 80 million records
Hackers have broken into a database at US health insurer Anthem said to contain the personal data of up to 80 million people.
- February 04, 2015
Sony says cyber attack will cost $15m
Sony expects the investigation and remediation costs of the November 2014 cyber attack on its movie subsidiary will amount to $15m.
- February 02, 2015
Adobe Flash patch promised this week for new zero-day bug
Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.
- January 30, 2015
GHOST Linux bug update: WordPress, other PHP applications vulnerable
PHP applications, including WordPress, are vulnerable to the GHOST Linux exploit, but overall the flaw may not be as dangerous as first thought.
- January 30, 2015
Will YouTube HTML5 transition mean the end of Flash security issues?
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- January 29, 2015
The politics of DDoS response
Reports of a 'hack back' DDoS attack by Sony stirred up acceptable use questions.
- January 27, 2015
Qualys finds GHOST: Critical Linux remote code execution flaw
A critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems.
- January 23, 2015
Detection vs. prevention: Ponemon report points to controversial trend
A Ponemon Institute report highlights the biggest risks to endpoint security, and what IT professionals plan to do to fight back, including one controversial tactic in malware protection.
- January 23, 2015
Patchapalooza: In 2015, software patches, software security flaws surge
News roundup: An onslaught of Adobe, Oracle, OpenSSL, Chrome and Firefox patches highlights the sad state of software security in 2015. Plus, security budgets increasing; HealthCare.gov security woes; false-positive alerts cost millions annually.
- January 23, 2015
CryptoWall 3.0: Ransomware returns, adopts I2P
Shortly after CryptoWall began using TOR to conduct transactions, a new version of the ransomware, dubbed CryptoWall 3.0, has begun using I2P.
- January 22, 2015
Report: Popularity of biometric authentication set to spike
Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems.
- January 21, 2015
Report: More than 90% of 2014 data breaches could have been prevented
The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.
- January 21, 2015
Wasted spending on security shelfware affects small businesses more
Osterman Research and Trustwave report that organizations waste money on underutilized security software because IT often doesn't have enough time or resources to use it.
- January 20, 2015
ISACA: Majority of enterprises report cybersecurity workforce shortage
In its new 2015 Global Cybersecurity Status Report, ISACA finds that most organizations are aware of cyberattack risk, but few believe they have the capability to thwart a sophisticated attack.
- January 19, 2015
Android vulnerability highlights Google's controversial patch policy
WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices.
- January 19, 2015
Google's Project Zero reveals another Windows zero-day vulnerability
For the third time in one month, Microsoft couldn't meet Google's 90-day public disclosure deadline, leading to Project Zero's disclosure, though experts say this Windows zero-day vulnerability may have little value to attackers.
- January 16, 2015
Hardware security issues prove tough to find, harder to fix
News roundup: Recently discovered firmware flaws highlight the challenges posed by hardware security. Plus: Heartland's breach warranty; RSA's overhaul; and Download.com's app (in)security.
- January 16, 2015
Preview of 2015 Verizon PCI report hints at firewall compliance issues
In a sneak preview of its 2015 PCI Compliance Report, Verizon says improper firewall maintenance is among the leading causes of PCI DSS compliance failures.
- January 15, 2015
Cybersecurity training needed to raise number of skilled workers
A survey by ESG finds that IT has an ongoing problematic shortage of enterprise cybersecurity skills, and the problem is getting worse.
- January 14, 2015
Cybersecurity awareness can reduce infection risk up to 70%
A new study from Wombat Security and Aberdeen Group shows that boosting cybersecurity awareness and education among employees can reduce enterprise security risks and cost.
- January 13, 2015
Light January 2015 Patch Tuesday delivers one critical Windows fix
Microsoft's January 2015 Patch Tuesday updates include a critical Windows update for Telnet, and a fix for a controversial Windows 8.1 flaw disclosed two weeks ago. Plus: An expert says Adobe's critical Flash Player fix demands immediate attention.
- January 13, 2015
Cisco releases multiple WebEx security patches
The most important of the seven fixes for the WebEx Meeting Server platform remedies a flaw that could allow a cross-site request forgery attack.
- January 09, 2015
Fake SSL certificates enable variety of security threats, say experts
Experts say the security industry's 'blind trust' may result in a new wave of security threats caused by fake SSL certificates, including man-in-the-middle and DNS attacks.
- January 09, 2015
Sony Pictures hack recap: Experts debate North Korea's role
News roundup: The FBI maintains North Korea was behind the Sony Pictures hack, in spite of naysayers. Plus: Malware campaign attributed to Russia; new Mac OS X bootkit; cyberattack causes physical damage.
- January 09, 2015
Expert: Mobile malware risk rising, but still largely Android malware
Video: Mobile malware expert Chester Wisniewski of Sophos says most enterprises need not fear mobile malware today, but Android malware is a growing threat.
- January 08, 2015
Password security issues show case for privileged identity management
Video: Lieberman Software CEO Philip Lieberman explains how privileged identity management can shore up the many weaknesses of password-based authentication.
- January 06, 2015
IBM: Retail cyberattacks become less frequent, but more effective
Research from IBM indicates cyberattackers are going after retailers with surgical precision, using fewer attack attempts yet frequently compromising vulnerable databases.
- January 05, 2015
Evolving mobile security management thwarts unified endpoint management
Experts say unified endpoint management for mobile devices, laptops and desktops will take more time due to the complex, evolving demands of mobile security management.
- December 19, 2014
Home router security vulnerability exposes 12 million devices
Check Point has uncovered a widespread home router security vulnerability, dubbed Misfortune Cookie, that could allow attackers to gain control over millions of devices.
- December 12, 2014
Sony Pictures hacking back: The ethics of obfuscation
News roundup: Amid a devastating breach incident Sony Pictures is fighting back, raising legal and ethical questions. Plus: A big week in security acquisitions; Comcast sued over open Wi-Fi; and Yahoo announces vulnerability disclosure policy.
- December 09, 2014
FIDO Alliance releases 1.0 specifications for passwordless authentication
Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.
- November 21, 2014
Encryption everywhere: Debating the risks and rewards
News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.
- November 17, 2014
Microsoft's Schannel security patch affecting TLS connections
Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections.