Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.
D-Link is in the midst of pushing out firmware updates for eight of its home router models, addressing three serious remote code injection vulnerabilities.
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we’re making any progress in the fight against attackers.
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check[…]
The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said.
A new type of POS malware, LogPOS, is using technology that evades detection by letting the malware inject code while it shuttles stolen credit card numbers to its C+C server.
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL[…]
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, but it may not have[…]
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.
Signal 2.0 is available from Open WhisperSystems, and brings encrypted messaging to the iPhone.