US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e.
Tag Archives: OpenSSL
Latest Ubuntu Update Includes OpenSSL Fixes
Ubuntu users are encouraged to update their operating systems to the latest OpenSSL package versions to address a collection of vulnerabilities.
Heartbleed Persists on 200,000 Servers, Devices
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug
It’s more than two and half years since the discovery of the critical OpenSSL Heartbleed vulnerability, but the flaw is still alive as it appears that many organizations did not remediate properly to the serious security glitch.
It was one of the biggest flaws in the Internet’s history that affected the core security of as many as two-thirds of the world’s servers i.e. half a million servers at
OpenSSL Releases Patch For "High" Severity Vulnerability
As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software.
The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites.
The vulnerability, reported by Robert Święcki of the Google Security Team on
Critical DoS Flaw found in OpenSSL — How It Works
The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.
OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
Researchers have found a new way to recover and decrypt authentication cookies from 3DES and Blowfish protected traffic. In response, OpenSSL is expected to deprecate 3DES’ designation from high to medium.
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.
OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web
Linux Foundation Badge Program to Boost Open Source Security
A new CII Best Practices Badge program will help companies, interested in adopting open source technologies evaluate projects based on security, quality and stability.
Threatpost News Wrap, March 4, 2016
Mike Mimoso and Chris Brook recap RSA 2016, the pervasiveness of the FBI vs. Apple debate, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea.