Socat published a security advisory warning users that a hard-coded 1024-bit Diffie-Hellman prime number was not prime, and that an attacker could eavesdrop on a key exchange and recover secrets from it.
Tag Archives: Web Security
Threatpost News Wrap, January 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor.
Oracle to Kill Java Browser Plugin
Oracle has finally announced its intent to nail the coffin shut on its Java browser plugin.
OpenSSL Patches Serious Flaws in Library
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity.
Java Serialization Bug Crops Up At PayPal
PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com.
MiniUPnP Vulnerability Clears Way for Stack Smashing Attack
Cisco has demonstrated an attack against Stack Smashing Protection in Linux systems that is facilitated by a critical vulnerability in MiniUPnP.
Mozilla Patches Critical Vulnerabilities in Firefox 44
Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week.
Amazon Certificate Manager Brings Free SSL Certs to AWS Users
Amazon’s new Certificate Manager is providing SSL certificates for free to AWS customers but experts warn it’s only a matter of time before they’re exploited.
Magento Update Addresses XSS, CSRF Vulnerabilities
Magento patched 20 flaws last week, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
FreeBSD Patches Kernel Panic Vulnerability
FreeBSD has patched a kernel panic vulnerability in versions compiled to support IPv6 and SCTP.