Security Alerts & News
by Tymoteusz A. Góral

History
#89 High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic
Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels.

While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met.
#88 Microsoft Edge InPrivate mode may not be as private as you thought
It seems like the browser’s InPrivate browsing feature may not be as ‘private’ as we’re led to believe. Researcher Ashish Singh discovered that users' full browsing history was being stored on their hard drives, noting that “even the private browsing isn’t as private as it seems” in his report, published on Forensic Focus. He added that “websites visited in private mode are also stored in the browser’s WebCache file.”
#86 Android security: Samsung plugs six OS and seven Galaxy-specific bugs
Following Google's monthly fixes for its own Nexus devices in early January, Samsung has now disclosed details of the bugs it will be patching to remedy vulnerabilities in its flagship hardware. The update contains a blend of bugs in Google's update and others that Samsung has addressed independently.
#85 Google Chrome gets ready to mark all HTTP sites as 'bad'
Google's push for all websites to be HTTPS has so far been all carrot. But the company is now using its big stick: a large red cross through every website that doesn't offer an encrypted connection.
#84 Tails 2.0 is out
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer, leaving no trace unless you explicitly ask it to.

It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.
#83 Hot or Not? The Benefits and Risks of iOS Remote Hot Patching
FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.
#82 Apple Safari crashes: Mystery bug floors browser on iOS and Macs
The mystery bug surfaced on Wednesday with multiple reports on Reddit, Twitter and Apple's support pages of Safari crashing when the address bar is used to search.
#81 Android ransomware variant uses clickjacking to become device administrator
Symantec has found an Android ransomware variant (Android.Lockdroid.E) that uses new tactics, involving a fake package installation, to trick users into giving the malware device administrator rights. As well as encrypting files found on the compromised device, if administrator rights are obtained, the malware can lock the device, change the device PIN, and even delete all user data through a factory reset.
#80 Java browser plugin to be sent to death row in September
Oracle has announced that the days of the Java browser plugin are numbered, with its deprecation set for the upcoming Java Development Kit 9 release and its removal slated for a future release.