NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
Developers who produce apps intended for use on internal networks at government agencies are getting a vetting process of their own called AppVet.
Google announced it will add additional security checks to log-in attempts from applications or devices that do not support OAuth 2.0.
LibreSSL, a fork of OpenSSL, has already made “improvements” in OpenSSL programming practices according to OpenBSD officials.
Officials at Iowa State University said Tuesday that the personal data of nearly 30,000 alumni, including Social Security numbers, was compromised during a data breach.
There is no shortage of bad advice online about crypto–or anything else, for that matter. And the recent mess involving the OpenSSL Heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about how to do these tasks haven’t changed much. Cryptosystems are the[...]
A slew of old AOL email accounts were hacked over the weekend to send spam to other users.
Apple has fixed a serious security flaw that’s present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections.
Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
The 2014 Verizon Data Breach Investigations Report reveals that point-of-sale intrusions are down, Web application attacks are up, and DDoS and cyberespionage attacks merit watching.