NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
Browsing Author: Michael Mimoso
Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
The 2014 Verizon Data Breach Investigations Report reveals that point-of-sale intrusions are down, Web application attacks are up, and DDoS and cyberespionage attacks merit watching.
An ICS protocol sniffer has been released to GitHub. OpenICS builds data dictionaries, rather than signatures, from the packets it captures in order to help business leaders make security decisions.
Details have emerged of a targeted attack in which hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.
Swedish VPN provider Mullvad reports that private keys moving through OpenVPN installations are not immune to Heartbleed OpenSSL exploits.
The Tor Project is in the process of rejecting exit nodes vulnerable to the Heartbleed OpenSSL vulnerability after researcher Collin Mulliner discovered more than 1,000 leaking plaintext traffic.
Netcraft reports that certificates on 80,000 of the half-million Web servers vulnerable to Heartbleed exploits have been revoked.
A cryptanalysis of TrueCrypt, the second half of an audit of the open source encryption software, will involve a small team of experts who will manually audit the code.
Microsoft has updated its free Threat Modeling Tool with enhancements to the threat-generation logic, a new drawing surface and the ability to migrate old threat models and definitions.