The OpenSSL patch issued on Sept. 22 was meant to fix a vulnerability, but it only caused more problems. The Sept. 26 update fixed the outstanding issues.
A simple hardware listening system can expose the OpenSSL crypto keys used for smartphones to cybercriminals, putting users at risk.
OpenSSL is vulnerable to DROWN, an attack based on support for the obsolete SSLv2 protocol, which leaves OpenSSL programs at risk.
Open source projects have gotten a bad rap in security circles thanks to Heartbleed and other flaws, but an industry consortium may change that.
The Core Infrastructure Initiative has released a ranking of open-source tools that should help the industry avoid problems in OpenSSL and similar tools.
Multiple new OpenSSL releases finally clear the Logjam flaw and address other low-to-moderate vulnerabilities plaguing the encryption software.
Here is a look at the remote code execution bug in OpenSSL's DTLS, how it works and the different ways cybercriminals might leverage it for exploitation.
The Bash bug, a new vulnerability known as Shellshock, could have a sizable impact on an untold number of devices, according to security experts.
Asset management can be improved when responsibilities are shared and the inventory system is established, frequently updated and quickly actionable.
According to a recent Secret Service and Department of Homeland Security release, the Backoff hacker tool is still alive and well in American POS systems.