NTP fixes denial-of-service flaws
Attackers can exploit NTP to generate large volumes of junk traffic for distributed denial-of-service attacks. Update NTP to keep your servers out of the DDoS botnet
Stories by Fahmida Y. Rashid
10 AWS security blunders and how to avoid them
Amazon Web Services is easy to work with -- but can easily compromise your environment with a single mistake
Windows GDI flaw leads to PowerShell attacks
APT group FruityArmor exploited Windows GDI memory handling to break out of browser sandboxes and launch PowerShell in targeted attacks
Stupid encryption mistakes criminals make
Blown cover: Malware authors show how easy it is to get encryption wrong and, in the process, help security pros crack their code
ISPs mind their MANRS to block DDoS attacks
The Internet Society's MANRS initiative improves Internet security by asking ISPs to clean up their routing rules and check network traffic
A first: ICANN will generate new DNSSec key
The update is a serious and critical undertaking that will ensure greater DNS security
ISC updates critical DoS bug in BIND DNS software
The denial-of-service flaw in BIND can be triggered by specially crafted DNS packages and is capable of knocking critical servers offline
What’s in your code? Why you need a software bill of materials
When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates
Lockdown! Harden Windows 10 for maximum security
To make the most of Windows 10's security improvements, you must target the right edition and hardware for your needs
Tenable brings network visibility into Google Cloud Platform
Tenable SecurityCenter Continuous View gives IT administrators visibility over their applications hosted in Google Cloud Platform.
Google patches critical bug on Android Nexus 5X devices
The vulnerability, which Google has patched, could let attackers obtain the password for locked Nexus 5X devices and access device contents
New collision attacks against triple-DES, Blowfish break HTTPS sessions
Legacy ciphers such as triple-DES and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key
Automate, integrate, collaborate: Devops lessons for security
Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well
Keep using password managers -- bugs and all
A furor over bugs in password managers left users in a jam. Self-proclaimed security empress Jessy Irwin clears up the confusion
Respect: Windows 10 security impresses hackers
Windows is a popular attack target for criminals and researchers alike, but Microsoft has done a good job of making it harder to target security flaws in the OS