Socat published a security advisory warning users that a hard-coded 1024-bit Diffie-Hellman prime number was not prime, and that an attacker could listen and recover secrets from a key exchange.
Tag Archives: Vulnerabilities
Threatpost News Wrap, January 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor.
OpenSSL Patches Serious Flaws in Library
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity.
Java Serialization Bug Crops Up At PayPal
PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com.
MiniUPnP Vulnerability Clears Way for Stack Smashing Attack
Cisco has demonstrated an attack against Stack Smashing Protection in Linux systems that is facilitated by a critical vulnerability in MiniUPnP.
Mozilla Patches Critical Vulnerabilities in Firefox 44
Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week.
Magento Update Addresses XSS, CSRF Vulnerabilities
Magento patched 20 flaws last week, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
FreeBSD Patches Kernel Panic Vulnerability
FreeBSD has patched a kernel panic vulnerability in versions compiled to support IPv6 and SCTP.
‘Deliberate’ Backdoor Removed From Secure Conferencing Gear
AMX, a provider of audio-visual conferencing gear used in sensitive government and military locations, has removed a “deliberate” backdoor in one of its central controller system products.
Google Challenges Number of Android Devices Affected by Linux Flaw
Google has patched Android against a critical Linux kernel vulnerability, and said the number of affected Android devices has been exaggerated.