Security News

Researchers from Arbor Networks' Security Engineering and Response Team (ASERT) say they have unearthed fresh leads on the tools and techniques used in the most recent wave of Shamoon attacks.

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare's "Cloudbleed" bug, Google breaking SHA-1, and more.

Cloudflare has fixed an issue where its customer traffic was leaking memory that included sensitive information including authentication cookies, POST data and more.

By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.

Researchers unveiled the first-ever practical collision attack the cryptographic hash function SHA-1.

Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.

Microsoft's delayed release of its February security bulletins leaves users exposed to a pair of already publicly disclosed vulnerabilities.

Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.