Security News

With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, mobile threats like Stagefright, Carbanak and Equation Group, and more.

Microsoft said starting March 31, 2016 it will detect and begin removing programs such as Superfish adware that inject ads into browsers and expose users to SSL interception.

Crypto and security experts digging into the Juniper backdoor have determined that attackers have subverted an alleged NSA backdoor in the Dual_EC_DRBG algorithm used in NetScreen firewalls.

Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor.

Oracle will be required to provide users with a mechanism to uninstall older and vulnerable versions of Java, following a settlement with the Federal Trade Commission.

The password protecting one of the two Juniper backdoors was published after it was discovered by researchers at Fox-IT and Rapid7.

Despite recently public concerns over the sunsetting of SHA-1, Google announced it will block new SHA-1 certs in Chrome as of Jan. 1, and all SHA-1 certs possibly by July 1, 2016.

Automation and energy management company Schneider Electric patched a vulnerability in one of its product lines this week that left a handful of programmable automation controllers at risk of being hacked.

Google announce it would, by default, begin giving HTTPS preference in search engine rankings.

Juniper Networks has removed "unauthorized code" capable of decrypting VPN traffic that it found in ScreenOS, which runs many of its enterprise-grade NetScreen firewalls.