The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
Security researchers have discovered a new vulnerability dubbed Kr00k (or "KrØØk") that impacts devices with Broadcom and Cypress Wi-Fi chips.
Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.
WordPress version 5.2 dubbed "Jaco" is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.
Facebook provided an update to a previously disclosed incident involving insecurely storing "tens of thousands" of Instagram users' passwords on internal servers in clear text. Facebook now says that "millions" of Instagram accounts are now impacted.
Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.
Mozilla just introduced Firefox Send, a free encrypted file transfer service that allow users to safely and simply share files via any browser.
The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving "trustworthy email".
Google announced a major security enhancement to its public Domain Name Service (DNS), the most widely used public DNS recursive resolver service used on the internet.
Cisco's Talos security group has discovered a new cyber campaign dubbed "DNSpionage" that targets organizations in the Middle East. The cyber attacks have impacted .gov domains in Lebanon and the United Arab Emirates (UAE),…