In-brief: The recently disclosed VENOM vulnerability dispels the myth that virtual machines are immune to cyber attacks, and raises important questions about our reliance on shared code.
In-brief: Three quarters of Global 2000 organizations have yet to fully remediate the Heartbleed vulnerability one year after it was discovered, according to a study by the firm Venafi.
In-brief: The OpenSSL Project is publishing software updates to address a range of security flaws, at least one of them rated “critical.” The update comes amid a comprehensive audit of the OpenSSL code.
In-brief: A report from Bruce Schneier and researchers at the Universities of Wisconsin and Washington surveys the (many) ways that cryptographic protections can be weakened or subverted, and calls for research on fool-proof technologies.
In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.