Collaborate Disseminate
Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records. Continue reading Yahoo Challenged on Claims Breach Was State-Sponsored Attack
A number of Democratic Congressional leaders wrote Yahoo CEO Marissa Mayer a letter seeking answers about the breach of 500 million customer records. Continue reading Congressional Leaders Demand Answers on Yahoo Breach
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs. Continue reading Mozilla Wants to Drop WoSign as Trusted CA
Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications. Continue reading New Google Tools Help Devs Improve Content Security Policy Protection
Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network. Continue reading Questions Mount Around Yahoo Breach
OpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today. Continue reading OpenSSL Fixes Critical Bug Introduced by Latest Update
OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack. Continue reading OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network. Continue reading 500 Million Yahoo Accounts Stolen By State-Sponsored Hackers
Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical. Continue reading Drupal Patches Three Vulnerabilities in Core Engine
Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012. Continue reading Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials