Researchers from Arbor Networks’ Security Engineering and Response Team (ASERT) say they have unearthed fresh leads on the tools and techniques used in the most recent wave of Shamoon attacks.

By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.

Microsoft’s delayed release of its February security bulletins leaves users exposed to a pair of already publicly disclosed vulnerabilities.

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.

The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.

US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e.

SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference

Researchers from Dell SecureWorks infiltrated a Nigerian business email spoofing and business email compromise operation, shutting down a number of money mule accounts in the process.

Google secures its perimeter with explicit trust in what it knows about users and the devices connecting to its corporate services.

The United States is losing on the cyber-battlefield and face a bleak threat landscape, according to DHS chairman Michael McCaul. But, he says, there is still hope to turn things around.