Researchers launched a Proof-of-Concept attack on two Android mobile phones and an embedded system board.

US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e.

Ubuntu users are encouraged to update their operating systems to the latest OpenSSL package versions to address a collection of vulnerabilities.

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

An OpenSSL update released on Thursday patched three vulnerabilities included one rated high severity in TLS connections using the ChaCha20-Poly 1305 ciphersuite.

OpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.

OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.

RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected...

The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle...

The Linux Foundation says a new Core Infrastructure Initiative (CII) Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates nor validate open source projects. Instead, CII is a platform for open source projects...