In-brief: Researchers from the firm Cylance warned that an unpatched security flaw first discovered in 1997 could be used to attack a wide range of popular applications and steal user credentials.
CERT
Update: CAs Still Accepting E-mail as Proof of Domain Ownership
In-brief: Carnegie Mellon’s CERT issued a warning that many certificate authorities continue to issue domain certificates with no more proof than the right e-mail address. Updated to include comment from GlobalSign. Paul 3/27/2015
Intel: New Approach Needed to Secure Connected Health Devices
In-brief: connected medical devices pose a number of risks to patients, including the threat of “targeted killings,” according to a report by Intel Security. The fix: better application design and more public-private sector cooperation.
DHS: APT behind Half of Cyber Incidents In Critical Infrastructure
In-brief: A new report from the Department of Homeland Security reveals that there were 245 reported incidents of cyber attacks on critical infrastructure in 2014. More than half were attributed to sophisticated “APT” type actors.
Update: Superfish is the Real End of SSL
In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)
