Heartbleed

Google Unveils OSS-Fuzz to test Open Source Software Security

In-brief: Google’s security team on Thursday announced the release of a new tool, OSS-Fuzz that it says will improve the security of the Internet by providing realtime, automated secruity testing of common open source components.

Flaw in Super Secret BlackPhone Underscores Third Party Risk

In-brief: Black Phone contains a security flaw that could enable a malicious actor to redirect phone calls or secretly send text messages from the device, according to a report from the firm SentinelOne. The culprit: vulnerable third party software.*

Firm Finds Crypto Keys Recycled on Thousands of Devices

In-brief: Encryption keys used to secure data on- and communications between embedded devices are being recycled, creating a huge vulnerability that malicious hackers could exploit to snoop on sensitive communications or impersonate devices.

an image of a metal tower of Power Lines

Study: Energy, Utilities Struggle with Security Readiness

In-brief: a survey of key sectors found that energy and utilities firms are struggling to reduce their risk of an attack.

Unpatched Vulnerabilities Common on Docker Hub Images

In-brief:  A survey out from the firm Banyan finds that official and general repositories on Docker Hub are rife with serious and exploitable software vulnerabilities, including Heartbleed, Shellshock and Poodle.