encryption
Connected devices riddled with badly-coded APIs, poor encryption
The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI …
Android apps based on Adobe AIR SDK send out unencrypted data
Developers using the Adobe AIR SDK should update to the latest version of the software development kit and rebuild the apps as soon as possible if they don’t want their …
Chrome will start labeling some HTTP sites as non-secure
Slowly but relentlessly, Google is pushing website owners to deploy HTTPS – or get left behind. The latest announced push is scheduled for January 2017, when Chrome 56 …
Secure mobile communications explained
For a typical consumer, seeing Secured by SSL is all it takes to reassure them that whatever they are doing online is safe and secure. Awareness also teaches these same users …
60+ million Dropbox login credentials have been stolen
A breach disclosed by Dropbox in 2012 has resulted in the theft of usernames and hashed and salted passwords of over 60 million users. At the time, the company did not give …
DNSSEC: Don’t throw the baby out with the bath water
A recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. The article reported that DNSSEC-signed domains can be used to conduct reflected DDoS …
Review: iStorage datAshur Pro
Whenever I travel, I take data I might need with me on a secure USB flash drive. Ages ago, I would encrypt these files with GPG and move them to a generic USB drive. After …
Display the cryptographic signing information about any file on your Mac
Verifying a file’s cryptographic signature can help the user deduce its trustability. If you’re using OS X, there is no simple way to view a file’s signature from …
18-year-old random number generator flaw fixed in Libgcrypt, GnuPG
Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the …
Attackers can hijack unencrypted web traffic of 80% of Android users
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM …
Google Duo: Simple, encrypted, video calling app
Google Duo is a simple 1-to-1 video calling app available for Android and iOS. In order to use Google Duo all you need is your phone number, no separate account is necessary. …
CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously …
Featured news
Resources
Don't miss
- Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
- Why vulnerability reports stall inside shared hosting companies
- Zabbix: Open-source IT and OT observability solution
- How exposure management changes cyber defense
- European police busts Ukraine scam call centers