The Tor Project recently started a program to help libraries install Tor relays as a way to protect the privacy of patrons and other Internet users. The program didn’t get too far, however, as the first library to install a relay had to turn it off after town police officials were contacted by Department of Homeland[…]
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, phishing, among other consequences.
There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution. The bugs affect a long list of the company’s products, which are used in a variety of industries around the world. The Yokogawa products are mainly control systems, plant-management systems, event-analysis[…]
Dennis Fisher talks to Gary McGraw about the challenges of scaling software security programs, the FTC’s security programs, and the current push for better security in medical devices.
A panel discussion at the Security of Things Forum debated the need for regulation to ensure the security and privacy of connected devices.
A San Diego-based password cracking group has taken a big step towards deciphering some of the 36 million odd passwords leaked in last month’s Ashley Madison breach
Car hacker Chris Valasek said at the Security of Things Forum that researchers looking at connected and embedded device security cannot ignore low-impact vulnerabilities.
A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public[…]
Excellus BlueCross BlueShield, a large health care provider in New York state, says it was hit by an attack that began in 2013 and wasn’t discovered until last month, resulting in the compromise of members’ personal information, including Social Security numbers, addresses, financial and account information. The company did not specify how many people potentially[…]
About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go through that same painful process. The FTC[…]