Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
iPhone users can now use Signal’s secure messaging app between their iOS device and their Mac OS or Windows desktops.
Facebook finished porting its SQL-powered detection tool, osquery, to Windows this week.
Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications.
APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
Crypto company Venafi points out potential holes in Yahoo's processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect.
Researchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files.
OpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.
OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.