Latest News

A serious SQL injection vulnerability was patched on Tuesday by WordPress developers with the release of version 4.8.3.

Earlier this year a new ransomware, dubbed ONI, was discovered in Japan. It is described as a sub-species of the GlobeImposter ransomware. Researchers blogged in July, "When it infects it, it encrypts the file, assigns the extension .oni to the filename, and asks for payment to decrypt it."

Francisco Partners Acquires Comodo's Certifiate Authority Business Tech-focused private equity firm Francisco Partners announced on Tuesday that it has acquired Comodo CA Limited, Comodo’s certificate authority business, for an undisclosed amount.

Google is planning to deprecate and eventually completely remove support for public key pinning (PKP) from the Chrome web browser.

Firefox will soon provide users with increased privacy by blocking browser fingerprinting performed through the HTML5 canvas element.

Threat intelligence provider Recorded Future today announced that it has raised $25 million in a Series E round of funding Led by Insight Venture Partners.

Mozilla has raised some concerns regarding DigiCert acquiring Symantec’s website security and related public key infrastructure (PKI) solutions after major web browser vendors announced that certificates issued by the security firm would no longer be trusted.

Windigo, a malicious operation uncovered over three years ago, continues to be active despite a takedown attempt in 2014 and the sentencing of one conspirator in August 2017.

In industrial organizations, security is traditionally divided across three silos: physical security, IT security and operational  security (plant security and system integrity). This divide makes it more difficult for facilities operators to identify and respond to incidents.

North Korea has slammed Britain for accusing it of being behind a global ransomware attack that hit the National Health Service, calling the allegation a "wicked attempt" to further tighten international sanctions against Pyongyang.

IBM Security announced on Tuesday the launch of a product designed to help banks and other service providers protect their customers against new account fraud (NAF).

Security has never been about being ‘secure’ or ‘insecure’; I think we as an industry of professionals can broadly agree on this. What we don’t seem to agree on, pretty much ever, is how to strike the balance of good enough security.

A bug bounty hunter has earned more than $15,000 from Google after finding several potentially serious vulnerabilities related to the company’s Issue Tracker, including one that exposed the details of unpatched flaws.

FireEye on Monday released a tool designed to help red teams manage password cracking tasks across multiple GPU servers. Called GoCrack, the open source tool provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks. 

The Sage ransomware, which emerged toward the beginning of this year, has added new functionality that allows it to escalate privileges and evade analysis.