Encryption in 2016: Small victories add up
The move from SHA-1 to SHA-2, a Congressional victory over backdoors, and the rise of encrypted communications are leading us toward a more secure world
Stories by Fahmida Y. Rashid
Nmap security scanner gets new scripts, performance boosts
Nmap 7.40 has new scripts that give IT administrators improved network mapping and port scanning capabilities
Google open-sources test suite to find crypto bugs
Developers can use Project Wycheproof to test cryptographic algorithms against a library of known attacks to uncover potential weaknesses
How Windows 10 data collection trades privacy for security
Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft
NTP fixes denial-of-service flaws
Attackers can exploit NTP to generate large volumes of junk traffic for distributed denial-of-service attacks. Update NTP to keep your servers out of the DDoS botnet
10 AWS security blunders and how to avoid them
Amazon Web Services is easy to work with -- but can easily compromise your environment with a single mistake
Windows GDI flaw leads to PowerShell attacks
APT group FruityArmor exploited Windows GDI memory handling to break out of browser sandboxes and launch PowerShell in targeted attacks
Stupid encryption mistakes criminals make
Blown cover: Malware authors show how easy it is to get encryption wrong and, in the process, help security pros crack their code
ISPs mind their MANRS to block DDoS attacks
The Internet Society's MANRS initiative improves Internet security by asking ISPs to clean up their routing rules and check network traffic
A first: ICANN will generate new DNSSec key
The update is a serious and critical undertaking that will ensure greater DNS security
ISC updates critical DoS bug in BIND DNS software
The denial-of-service flaw in BIND can be triggered by specially crafted DNS packages and is capable of knocking critical servers offline
What’s in your code? Why you need a software bill of materials
When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates
Lockdown! Harden Windows 10 for maximum security
To make the most of Windows 10's security improvements, you must target the right edition and hardware for your needs
Tenable brings network visibility into Google Cloud Platform
Tenable SecurityCenter Continuous View gives IT administrators visibility over their applications hosted in Google Cloud Platform.
Google patches critical bug on Android Nexus 5X devices
The vulnerability, which Google has patched, could let attackers obtain the password for locked Nexus 5X devices and access device contents