A high-severity bug in OpenSSL was disclosed today. It affects only organizations that installed an update released in June, and it allows anyone with an untrusted TLS certificate to become a CA.
Tag Archives: Web Security
Firefox 39 Out With Patches for Four Critical Vulnerabilities
Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs. In all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous vulnerabilities, however, include a pair of use-after-free bugs in one part of […]
FBI Director to Silicon Valley: ‘Try Harder’ to Find ‘Going Dark’ Solution
FBI director James Comey and Deputy Attorney General Sally Yates testified before a Senate committee on how encryption is hampering law enforcement and national security efforts.
Hacking Team Flash Zero Day Weaponized in Exploit Kits
Three exploit kits–Angler, Nuclear Pack and Neutrino–have already weaponized the Adobe Flash Player zero day found among the data stolen from Hacking Team.
Hacking Team Plans to Continue Operations
UPDATE–It has been an absolutely brutal week for Hacking Team. All of the company’s documents, internal communications, emails with customers, and invoices have been published, including its dealings with oppressive regimes and customers in sanctioned countries. But even with all that, company officials said they have no plans to cease operations, even as they’re asking customers […]
Adobe to Patch Hacking Team Zero Day in Flash
Adobe is expected tomorrow to patch a Flash zero day vulnerability uncovered among the data stolen in the Hacking Team breach.
EU Lawmaker Wants Answers on Hacking Team Sales to Sanctioned Countries
A prominent member of the EU parliament, who has been outspoken on security and privacy issues, on Tuesday submitted a written list of questions to the European Commission about the actions of Hacking Team and whether the company had violated EU sanctions regarding sales to specific countries. Marietje Schaake, a Dutch member of the European […]
Critical DoS Bug in Node.js, io.js Patched
Developers at Node.js over the weekend released a critical update to the runtime environment that addresses a bug that could be used to cause denial of service attacks.
Crypto Leaders: ‘Exceptional Access’ Will Undo Security
Thirteen cryptography leaders and pioneers published a paper warning of the economic and social pitfalls associated with the government’s desire for “exceptional access” to cryptographic keys.
Hacking Team Couldn’t Hack Your iPhone
More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to develop internal apps, but could not get its […]