The Mozilla Foundation has patched a memory corruption vulnerability CVE-2021-43527 in network security services (NSS) via DER-encoded DSA and RSA-PSS signatures.
The National Security Agency (NSA) has issued new guidance for adopting encrypted DNS over HTTPS dubbed “DoH.”
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-208 Recommendation for Stateful Hash-Based Signature Schemes.
The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
Security researchers have discovered a new vulnerability dubbed Kr00k (or “KrØØk”) that impacts devices with Broadcom and Cypress Wi-Fi chips.
The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.
Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.
WordPress version 5.2 dubbed “Jaco” is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.