Socat published a security advisory warning users that a hard-coded 1024-bit Diffie-Hellman prime number was not prime, and that an attacker could listen and recover secrets from a key exchange.
Researchers at Rapid7 disclosed details on patched vulnerabilities in the Web APIs of toys from Fisher-Price and hereO that exposed the personal data of children.
While the government still covets exceptional access to encrypted data, a Harvard paper says that plenty of surveillance opportunities remain, especially with the Internet of Things, metadata and more.
Google’s monthly Android Security Bulletin includes a patch for a critical flaw in the Broadcom Wi-Fi driver and another set of exploitable issues in Mediaserver.
The bot Kasidet, also known as Neutrino, is being spread via macros in Microsoft Office documents.
A group of researchers is encouraging smartphone users who own an LG G3 to upgrade their devices after coming across a serious security vulnerability in them.
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor.
Online malware scanner VirusTotal said it now supports firmware files and can scan uploads for malware implants and other infections.
Oracle has finally announced its intent to nail the coffin shut on its Java browser plugin.
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity.