Google announced this week the introduction of a new Certificate Transparency (CT) log for certificate authorities (CAs) that have been removed from trusted root certificate programs and for CAs that are in the process of being included.
Microsoft, Samba Preparing Patch for Severe “Badlock” Flaw
Microsoft and Samba developers are working on patching a severe vulnerability that is said to affect almost every version of Windows and Samba.
Samba is an open-source interoperability software suite that provides file and print services to SMB/CIFS clients. In addition to Windows, Samba also runs on UNIX, Linux, IBM System 390, OpenVMS and other operating systems.
‘Syrian Electronic Army’ Members Face Hacking Charges
US authorities Tuesday unveiled criminal charges against three members of the so-called "Syrian Electronic Army," which gained notoriety for hacking into news media outlets and making bogus social media posts.
Apple-FBI Encryption Showdown Postponed, for Now
The US government's decision to delay its effort to force Apple to help unlock an attacker's iPhone may only postpone the inevitable drawn-out battle over encryption and data protection.
Yahoo Kills Passwords in Multiple Mobile Apps
Yahoo has expanded its password-free approach to user security to more applications for Android and iOS devices, namely Yahoo Finance, Fantasy, Messenger, and Sports.
StartSSL Flaw Allowed Attackers to Obtain SSL Cert for Any Domain
Popular certificate authority StartSSL (StartCom) has resolved a security vulnerability in its domain validation process that could be abused by attackers to issue certificates for domains they do not own.
Uber Offers up to $10,000 in Bug Bounty Program
Uber announced on Tuesday the launch of a bug bounty program whose goal is to encourage security researchers to responsibly disclose vulnerabilities found in the ride-sharing company’s websites and applications.
Malvertising Campaign Abuses Baidu Ad API
Researchers at FireEye discovered a malvertising campaign in which attackers delivered malware by abusing a legitimate ad API provided by Chinese web services company Baidu.
Attackers Alter Water Treatment Systems in Utility Hack: Report
Hackers breached a water utility and manipulated systems responsible for water treatment and flow control, Verizon said in a report released this month.
Surviving Contact with the Enemy
Strategy without the ability to execute is destined to fail, and execution without forethought will face the same fate.
Most individuals find it difficult to think in terms of direction and action, so what happens when you have to juggle the two priorities? How do security executives strike the right balance, while aligning to business priorities, operational capabilities and their threats?


