UPDATE – The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is available.
Mozilla is offering a $10,000 bug bounty for serious security vulnerabilities in a new cryptography library it plans to release along with Firefox 31.
After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL Foundation, along with a number of other […]
Google announced it will add additional security checks to log-in attempts from applications or devices that do not support OAuth 2.0.
Officials at Iowa State University said Tuesday that the personal data of nearly 30,000 alumni, including Social Security numbers, was compromised during a data breach.
A slew of old AOL email accounts were hacked over the weekend to send spam to other users.
CloudFlare is launching a new vulnerability disclosure program in conjunction with the HackerOne bug-bounty platform.
Amidst all of the fallout related to Heartbleed, Oracle is doing its best to keep users apprised of its efforts to patch any and all software that may be vulnerable to the OpenSSL issue.
One of the consequences of the drama around the OpenSSL heartbleed vulnerability is that security experts have begun taking a hard look again at the certificate revocation process and whether it actually protects users or gives them any visibility into the validity of a given certificate. In a lot of cases, the answer is probably no.
Details of a targeted attack have emerged where hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
