The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones.
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
GitHub Announces Free Secret Scanning, Mandatory 2FA
Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors.
EU Moves Closer to Sewing Up New Data Transfer Deal With US
The European Union moved closer to a clinching a revamped deal over transatlantic data transfers aimed at resolving concerns about U.S. spying with a draft decision that confirms “comparable safeguards” to those in the EU, which has stringent privacy rules.
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks
Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.
The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses.
Adobe Patches 38 Flaws in Enterprise Software Products
After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple enterprise-facing products.
The San Jose, California software maker said the flaws could expose users to code execution and privilege escalation attacks across all computer platforms.
VMware Patches VM Escape Flaw Exploited at Geekpwn Event
Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine escape bug exploited at the GeekPwn 2022 hacking challenge.
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability.
Twitter Responds to Recent Data Leak Reports
Twitter has responded to recent data leak reports, confirming that the exposed information is the same as the one that was making the rounds earlier this year.
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw
Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild.
Proofpoint Buys Deception Tech Startup Illusive Networks
Enterprise security vendor Proofpoint on Monday announced plans to acquire Illusive Networks, a startup that helped pioneer deception technology to help detect data breaches. Financial terms of the planned acquisition were not disclosed.
