In-brief: Researchers from the firm Cylance warned that an unpatched security flaw first discovered in 1997 could be used to attack a wide range of popular applications and steal user credentials.
In-brief: Carnegie Mellon’s CERT issued a warning that many certificate authorities continue to issue domain certificates with no more proof than the right e-mail address. Updated to include comment from GlobalSign. Paul 3/27/2015
In-brief: connected medical devices pose a number of risks to patients, including the threat of “targeted killings,” according to a report by Intel Security. The fix: better application design and more public-private sector cooperation.
In-brief: A new report from the Department of Homeland Security reveals that there were 245 reported incidents of cyber attacks on critical infrastructure in 2014. More than half were attributed to sophisticated “APT” type actors.
In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)