Mozilla has asked all certificate authorities (CAs) to revoke subordinate CA certificates currently used for corporate SSL traffic management, offering an amnesty to any CAs that had breached Mozilla's conditions for having their root certificates ship with its products.
Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec.
Cybercriminals have started launching distributed denial-of-service (DDoS) attacks against networks that transmit data over IPv6 (Internet Protocol version 6), according to a <a href="http://ddos.arbornetworks.com/2012/02/a-milestone-in-ipv6-deployment/">report</a> published recently by DDoS mitigation vendor Arbor Networks.
A new version of the Waledac malware has been spotted on the Internet, but unlike previous variants, which were mainly used for spamming purposes, this one steals various log-in credentials and BitCoins, a type of virtual currency.
Google released a new version of its Chrome browser on Wednesday in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.
Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL-encrypted traffic for domain names they don't control.
Cryptome.org, a website dedicated to disclosing confidential information, was compromised last week and was used to infect PCs running Internet Explorer through drive-by exploits.
Valve has informed users of its Steam online game distribution platform that hackers have probably downloaded encrypted credit card transaction data from a backup database during an intrusion last year.
Encouraged by the success of its Web and Chromium vulnerability reward programs, Google has decided to expand their scope in order to cover security issues in Chromium OS as well.
A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open-source development model, according to researchers from cyberthreat management firm Seculert.
Spammers are impersonating well-known Android software developers in order to distribute rogue apps through the official Android Market.
Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow.
Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.
Both the number and volume of distributed denial-of-service attacks are increasing, according to new reports from DDoS mitigation companies Prolexic and Arbor Networks.
Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.