The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
Researchers at the CERT Coordination Center (CERT/CC) have released details on a critical Point-to-Point Protocol Daemon (pppd) vulnerability CVE-2020-8597.
Security experts are again warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in multiple Virtual Private Network (VPN) applications.
Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe. The analysis suggests the bad actors behind the cyber attacks are of Iranian origin or sponsorship.
The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.
Google released Chrome 68 (68.0.3440.70) for Android and will be available on Google Play in the upcoming weeks. The update includes a fix for an Autofill issue.
The PCI Security Standards Council (PCI SSC) has published a minor revision to the PCI Data Security Standard (PCI DSS) for organizations that handle branded credit cards from the major card networks.
OpenSSL has released security updates to address several vulnerabilities that impact previous versions of OpenSSL 1.1.0 and 1.0.2.
The NIST standard, SP 800-177 Revision 1, Trustworthy Email (Draft) was released last month and offers up-to-date security guidance to include SPF, DKIM, DMARC, and email digital signatures and encryption (via S/MIME), among others.