SAN FRANCISCO–The problem of critical infrastructure security has become a key issue in the last few years, as high-profile attacks such as Stuxnet and others have grabbed headlines and alerted politicians and others to the weaknesses facing these vital systems. It’s an issue that Eugene Kaspersky has been thinking about for a long time, and[...]
Details of a targeted attack have emerged where hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.
The arts and crafts retail chain Michaels confirmed yesterday that most of its U.S. stores were breached for eight months and that the payment card information of nearly 3 million of its customers may have been compromised.
A number of ICS products from Siemens and Innominate are vulnerable to the OpenSSL heartbleed flaw, some of which do not have updates available yet. The list of products affected by the heartbleed vulnerability continues to grow by the day, with OpenVPN being one of the latest. A researcher on Friday said that he was[...]
Swedish VPN providers Mullvad report that private keys moving through OpenVPN installations are not immune to Heartbleed OpenSSL exploits.
Researchers published a video this week demonstrating that Samsung’s latest entry in the smartphone arena, the Galaxy S5, is vulnerable to a hack that as crude as may seem involves lifting and copying fingerprints to trick the phone’s sensor.
The openSSL heartbleed has led to a huge increase in the number of SSL certificates being revoked, as site owners and hosting providers go through the process of replacing vulnerable certificates.
The Tor Project is in the process of rejecting exit nodes vulnerable to the Heartbleed OpenSSL vulnerability after researcher Collin Mulliner discovered more than 1,000 leaking plaintext traffic.
Dennis Fisher talks with Kaspersky Lab security researcher Kurt Baumgartner about the specter of APT attacks in enterprises, what kind of tactics APT attackers are using now and the effect of the Heartbleed openSSL bug on the certificate authority system.
A Federal court struck down Lavabit’s appeal today, affirming contempt sanctions against the now-shuttered secure email provider that was forced to release SSL keys to the FBI.