In a new article in an academic math journal, the NSA’s former director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the former director of researcher at[…]
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink[…]
Microsoft issued eight Patch Tuesday security bulletins, including a fix for a vulnerability disclosed by Google and another under active attack.
The Department of Homeland Security is doing an inadequate job assessing and addressing the risk posed by cyber threats to access control systems at federal facilities.
Adobe patched Flash Player , addressing nine vulnerabilities in the software including critical bugs that could allow an attacker to take control of an affected system.
Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.
David Cameron, speaking in the wake of the terror attack in Paris last week, said at an event Monday that the UK government can’t allow any form of communication that can’t be read.
Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.
President Obama today announced plans to propose a national data breach notification standard, a consumer privacy bill of rights, and privacy protection for students using electronic learning materials.
Microsoft called Google out over the weekend for publicly disclosing the details of a Windows privilege elevation vulnerability just a week before the company’s patch Tuesday release.