Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.

A bug in GoDaddy’s domain validation process forced the registrar to revoke SSL certificates and reissue certs for more than 6,000 customers.

Threatpost writers recap 2016’s biggest news stories, including the proliferation of IoT botnets, ransomware, the FBI vs. Apple story, and more.

NIST has made a public plea for submissions for new crypto algorithms that can stand up against quantum computing and protect data.

Members of the bipartisan encryption working group released a year-end report concluding that encryption backdoor laws would do more harm than good.

A trove of data belonging to Ameriprise Financial was found earlier this month and included Social Security number, decryption keys and confidential internal company documents.

A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems.

A lobbying organization sent a letter to President-Elect Donald Trump, asking him to support the expansion of strong encryption and reform government surveillance activities.

An OpenSSL update released on Thursday patched three vulnerabilities included one rated high severity in TLS connections using the ChaCha20-Poly 1305 ciphersuite.

An audit of open source file and disk encryption software VeraCrypt wrapped up and a number of critical vulnerabilities uncovered in the assessment were patched.