NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
A slew of old AOL email accounts were hacked over the weekend to send spam to other users.
Apple has fixed a serious security flaw that’s present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections.
Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
The 2014 Verizon Data Breach Investigations Report reveals that point-of-sale intrusions are down, Web application attacks are up, and DDoS and cyberespionage attacks merit watching.
CloudFlare is launching a new vulnerability disclosure program in conjunction with the HackerOne bug-bounty platform.
Amidst all of the fallout related to Heartbleed, Oracle is doing its best to keep users apprised of its efforts to patch any and all software that may be vulnerable to the OpenSSL issue.
An ICS protocol sniffer has been released to GitHub. OpenICS builds data dictionaries, rather than signatures, from the packets it captures in order to help business leaders make security decisions.
One of the consequences of the drama around the OpenSSL Heartbleed vulnerability is that security experts have begun taking a hard look again at the certificate revocation process and whether it actually protects users or gives them any visibility into the validity of a given certificate. In a lot of cases, the answer is probably no.
Details of a targeted attack have emerged in which hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.