Security Alerts & News
by Tymoteusz A. Góral

#2018 OpenSSL update fixes high-severity DoS vulnerability
The OpenSSL Software Foundation released an update to the OpenSSL crypto library that patches a vulnerability rated high severity that could allow a remote attacker to cause a denial-of-service condition.

OpenSSL released the version 1.1.0e update that fixes flaws found in OpenSSL 1.1.0, according to the OpenSSL Security Advisory issued last week. The United States Computer Emergency Response Team also alerted system admins of the issue last week.

According to the OpenSSL advisory, the vulnerability occurs during a renegotiation handshake: “If the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.”