Security Alerts & News
by Tymoteusz A. Góral

History
#304 Mozilla breaks its own promise, allows Symantec to issue insecure certificates
Mozilla has decided to grant an exemption to its SHA-1 certificate ban and allow Symantec to issue nine new certificates for one of its clients, Worldpay PLC.
#303 IRS taxpayer data theft seven times larger than originally thought
Investigators found that "390,000 additional taxpayer accounts" were affected. Fraudsters tried to target 295,000 more taxpayer transcripts than previously thought, but "access was not successful," the IRS said.
#302 Most software already has a “golden key” backdoor — it’s called auto update
Software updates are just another term for cryptographic single-points-of-failure.
#301 Cisco FirePOWER Management Center unauthenticated information disclosure vulnerability
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
#300 90 percent of all SSL VPNs use insecure or outdated encryption
Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.