Chrome 93 will be rolling out later today. It removes support for the 3DES cipher suite and adds better support for multi-screen window placement. Google has also started to develop WebOTP on desktop.
Microsoft has provided a roadmap for the removal of legacy versions of the TLS protocol from its Edge and Internet Explorer browsers. The Chromium-based version of Edge will remove them in July.
Mozilla has released Firefox 74. While it doesn't feature large UI changes, it does improve usability, for example, third-party programs can no longer install unwanted add-ons in your browser.
NordVPN has acknowledged that there was a breach of one of its datacenters back in March 2018 and that it has only known about the issue for a few months. Most users were unaffected by the breach.
Following up on its commitment to drop support for legacy versions of the TLS protocol, Google has detailed how the technology will be deprecated in its browser over the next few months.
Mozilla has deprecated TLS 1.0 and 1.1 in the latest Firefox Nightly builds. The move comes in preparation for most major browsers, including Chrome, disabling those protocols in March next year.
Apple has quietly put out a support page announcing the deprecation of TLS certificates signed with SHA-1 in iOS 13 and macOS 10.15 Catalina two years after other tech giants adopted the change.
While there are currently no known vulnerabilities in TLS 1.0 and 1.1, Microsoft plans to end support for these old protocols in supported versions of Microsoft Edge and IE 11 by 2020.
Cloudflare has announced its new Spectrum service, which extends the company's DDoS protection service to any TCP protocol, including gaming services, remote server access, and email.
After four years of debates, including attempts from the financial sector to soften it, Transport Layer Security (TLS) protocol version 1.3 has been finished and is ready to be implemented.
WordPress.com, the paid side of WordPress, has started to utilize the Let's Encrypt project to enable HTTPS for all of the websites with custom domains that are hosted on the service.
In a blog post today, Google has outlined a couple of small, but noticeable, changes aimed at providing better security feedback for users of their Gmail web clients.
In a move to improve email security, Gmail will be implementing a new feature that warns a user if an incoming email is unencrypted. The feature will roll out in the months to come.
SSL certificates exist to increase security and prevent snooping on your browsing sessions. Gogo believes you shouldn't have that and appears to be intentionally performing MITM attacks on its users.
Google researchers released a paper that describes how SSLv3 can be compromised to steal sensitive information, pretty much forcing all webservers to only support the newer TLS protocols.