Oracle Corporation issued a series of emergency patches on Tuesday last week, fixing five vulnerabilities in its Tuxedo middleware platform, including a critical one that has been compared to Heartbleed.
According to John Matherly - internet cartographer, security gadfly and founder of IoT-search engine Shodan - the internet of connected things is very much here to stay.
Anyone running glibc 2.9 or above should upgrade to a later version or apply a vendor patch now, as malware authors will be looking at this bug closely given its remote code execution capabilities, says Carl Leonard.
Nine out of 10 SSL VPN servers use insecure or outdated encryption, which puts corporate data at risk.
The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.
Having recently rushed to fix a vulnerability on one of its products, Advantech has reportedly opened up the door for new vulnerabilities.
As the patching cycle becomes ever longer, some experts are pushing for mandatory security updating of critical IoT devices.
The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.
Old malware variants, the Zeus Trojan and the Conficker computer worm, remain a huge problem for most UK companies, according to CERT-UK's first annual report.
The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or Poodle.
A critical flaw found on open-source Jetty HTTP web servers could - if left unpatched - lead to hackers hijacking internet sessions and stealing sensitive data.
Systems admins are being warned of a decades-old bug that means hundreds of millions of systems - ranging from Unix/Linux web servers to possibly Apple devices and WiFi routers - can be easily hijacked.
The Heartbleed security issue may be six months old, but it remains a major problem.
Further lessons from Heartbleed, beyond the hype, include caution when listening to advice, such as re-setting passwords, says Chris Russell.
The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed, says Joram Borenstein.
Two-and-a-half months on from the discovery of the Heartbleed bug affecting OpenSSL security, and one security researcher claims that the flaw still affects 300,000 servers.
David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lie behind the Heartbleed bug.
The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler, who calls for more and better education to effectively share knowledge that benefits us all.
This week's In Case You Missed It column looks at Vladimir Putin's Internet views, bigger and badder DDoS attacks, and further reaction to OpenSSL and Heartbleed.
As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.
The Government's reaction to the 'Heartbleed' flaw has been criticised after the Mumsnet parenting site became the UK's first known victim of Heartbleed hackers.
As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable, suggests Chris Russell.