Microsoft blacklists fraudulently issued SSL certificate
Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.
Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.
In an effort to simplify authentication for its services, Yahoo has introduced a new mechanism that allows users to log in with temporary passwords that are sent to their mobile phones.
Over a million WordPress websites that use a popular plug-in to optimize their search engine results are at risk of being hacked if they don't apply a newly released patch.
A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.
Adobe Systems launched a new program that encourages security researchers to find and report vulnerabilities in the company's websites and other online services.
Aggressive adware applications that break the trust between HTTPS (HTTP Secure) websites and users have been at the center of controversy lately. But over the past week, HTTPS interception flaws of varying severity were also found in security programs, with products from antivirus vendor Bitdefender being the latest example.
European law enforcement agencies seized command-and-control servers used by Ramnit, a malware program that steals online banking credentials, FTP passwords, session cookies and personal files from victims.
As a result of reports received through its bug bounty program Facebook confirmed and fixed 61 high-severity vulnerabilities last year, almost 50 percent more than in 2013.
New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.
On Thursday security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops, opened computers to attack. However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs.
Lenovo has admitted it "messed up badly" by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it.
Google has released a security scanner to help its cloud customers guard against attacks on their Web applications.
Some Windows laptops made by Lenovo come pre-loaded with an adware program that exposes users to security risks.
Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.
VirusTotal, a Google-owned online malware scanning service, is creating a whitelist of products from large software vendors to reduce bad detections by antivirus programs.