Security Alerts & News
by Tymoteusz A. Góral

#2119 US-CERT warns HTTPS inspection may degrade TLS security
Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security.

DHS’ US-CERT warned enterprises that running standalone inspection appliances or other security products with this capability often has a negative effect on secure communication between clients and servers.

“All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected,” US-CERT said in its alert.

HTTPS inspection boxes sit between clients and servers, decrypting and inspecting encrypted traffic before re-encrypting it and forwarding it to the destination server. A network administrator can only verify the security between the client and the HTTPS inspection tool, which essentially acts as a man-in-the-middle proxy. The client cannot verify how the inspection tool is validating certificates, or whether there is an attacker positioned between the proxy and the target server.
#2118 Another years-old flaw fixed in the Linux kernel
#2117 Intel, Microsoft launch new bug bounty programs
#2116 MajikPOS combines PoS malware and RATs to pull off its malicious tricks
#2115 Revenge ransomware, a CryptoMix variant, being distributed by RIG exploit kit
#2114 This laptop-bricking USB stick just got even more dangerous
#2113 New smartphone threat: Now attackers can use sound to hack your device
#2112 Hack brief: High-profile Twitter accounts overrun with swastikas
#2111 Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts
#2110 Russian hacker "Kolypto" who worked on Citadel trojan extradited to the US
#2109 US charges two Russian agents with ordering hack of 500m Yahoo accounts