Information Security News

Badlock vulnerability proves a bust for responsible disclosure
April 2016 Patch Tuesday: Badlock isn't a priority
WordPress SSL now free for hosted sites, thanks to Let's Encrypt
Encrypted messaging for all, as WhatsApp encryption announced
OSVDB shutdown leaves questions for vulnerability databases
Gmail BREACH attack gets much faster but still easy to stop
Apple-FBI suit dropped, but crypto wars continue
Ransomware vaccine promises protection, but experts are wary
Badlock flaw hits Samba, Windows and responsible disclosure
Report: 1.5 million Verizon Enterprise customer records stolen
DOJ finds successful iPhone crack; drops backdoor bid, for now
Congress considers 'going dark' encryption legislation
Outbreak of ransomware attacks hit hospitals, enterprises
FBI iPhone backdoor case on hold, as potential hack surfaces
Stagefright exploit created with reliable ASLR bypass
Apple court filing challenges iPhone backdoor as rhetoric heats up
Google boosts HTTPS, Certificate Transparency to encrypt Web
Automated penetration testing prototype uses machine learning
Phishing campaign takes ransomware attacks to a global scale
Java vulnerability report strains responsible disclosure
DROWN attack: TLS under fire again
Crowdsourced vulnerability patching could save us all
March 2016 Patch Tuesday highlights Windows 10 security
AI may soon find and patch a software bug automatically
McCaul pitches encryption commission to solve 'going dark' problem
Military-grade security focuses on isolation and action
Cybersecurity checklist a strategy tool for increasing attack costs
Admiral Rogers, chief of U.S. Cyber Command, seeks cooperation
DOD announces 'Hack the Pentagon' bug bounty program
Government encryption backdoor debate is more nuanced at RSAC
Cybercrime trends point to growing sophistication
Bruce Schneier on IBM grabbing him up with Resilient Systems
Diffie, Hellman win Turing Award; cryptography research update
Yoran: Solve cybersecurity challenges with creativity, encryption
Microsoft sounds the bell for strong encryption, privacy
Lines drawn in iPhone backdoor case; Apple gets backup
Microsoft EMET vulnerability turns tool against itself
PCI DSS 3.2 marks the end of major updates to the standard
DHS posts CISA rules for reporting cyberthreat indicators
RSA Conference 2016 preview: IoT and encryption take center stage
Data breach lawsuits indicate a troubling trend for enterprises
Security startups vie for honors in RSA Innovation Sandbox
Court rules Apple needs iPhone backdoor; Tim Cook opposes
Ransomware attack causes internal emergency at Hollywood hospital
Study: IT staff pressured to buy useless cybersecurity products
Uncertainty over Privacy Shield as Facebook faces penalties
IRS hack leveraged stolen Social Security numbers
Congress Republicans rebuff Obama cyber budget effort
February 2016 Patch Tuesday: IE Flash vulnerabilities get a bulletin
Social engineering attack leads to leaked info on 20,000 FBI agents
Researchers offer motive behind China cyberattacks
Former CIA/NSA director Hayden supports strong encryption
Costly government cybersecurity system needs major changes
Harvard report: Metadata means there is no 'going dark' for the FBI
Deadline looms for Safe Harbor framework successor
OpenSSL patch fixes encryption flaw and strengthens Logjam defense
Oracle closing an attack vector by deprecating the Java browser plug-in
Congress demands Juniper backdoor audits by government agencies
Fortinet SSH vulnerability more widespread than thought
Will California ban smartphone encryption?
Linux kernel vulnerability has unknown risk, but Google has fix
Cisco Security Report: Dwell time and encryption security struggles
David Chaum's cMix: New tool for anonymity on the Internet
DHCP servers must be patched against denial-of-service attacks
Trend Micro Password Manager flaw; backdoors and passwords
Microsoft Silverlight patch might be a Hacking Team zero day
January 2016 Patch Tuesday: Address-spoofing patch starts the new year
OAuth vulnerabilities must be fixed in the standard
Warning: Internet Explorer end of life for 8, 9 and 10 on Tuesday
NSA whistleblower William Binney: Bulk data collection costs lives
MD5 vulnerability renews calls for faster SHA-256 transition
Blackphone vulnerability patched to prevent phone hijacking
Russian actors accused of attacking Ukraine with BlackEnergy malware
China's anti-terror law mandates tech firm cooperation
Adobe issues emergency patch for critical Flash vulnerabilities
Open database exposes 191 million voter registration records
Google accelerates Chrome SHA-1 deprecation schedule
Juniper firewall backdoors add fuel to encryption debate
PCI DSS 3.1 deadline for TLS migration pushed back
Compliance costs expected to rise as EU GDPR advances
CISA added to budget omnibus, with privacy protection stripped
Experts: Lawmakers don't understand encryption backdoor problems
Old Microsoft Kerberos vulnerability gets new spotlight
Symantec asks browser makers to distrust one of its root certificates
Governments weigh strong encryption vs. terror threats
FBI: Encryption backdoor laws are unnecessary, if companies comply
FBI admits to using zero-day exploits, not disclosing them
December 2015 Patch Tuesday: DNS query and zero-day flaws fixed
Temporary workers cause access management troubles over the holidays
HTML5 support could mean Adobe Flash end of life
First-ever high-level talks on US-China cyber issues
Alleged OPM breach hackers arrested by Chinese government
Experts question customized TLS implementation after Amazon s2n flaw
Amex credit card hack predicts replacement card number
Dell fixes root certificate issue reminiscent of Superfish
Lessons learned from the Adobe data breach
Safe Harbor framework update in danger of capsizing
Experts: DNSSEC protocol can't be worse than certificate authorities
TechTarget Survey: IT risk management, compliance top tasks
Going dark: FBI continues effort to bypass encryption
More