Phishing campaign via Dropbox exploits SSL of the popular cloud service
Experts at Symantec have detected a scam based on Dropbox accounts to serve phishing pages over secure communication channels. Recently a massive data leak affected Dropbox; a week ago a guest...
GE Multilink Switches affected by critical vulnerabilities
GE MultiLink managed switches are affected by two vulnerabilities which could be exploited to gain unauthorized access and run DoS attacks on the device. Managed Ethernet switches produced by GE...
Mozilla continues the phasing out of 1024-bit SSL CA certificates
Mozilla products including the Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. Mozilla products including the popular Firefox...
OpenSSL announced fix for mystery high critical vulnerability
New versions of OpenSSL will be released on Thursday to patch critical security vulnerabilities, one of which is considered very dangerous. The OpenSSL Project Team announced in an advisory published...
Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests
Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created...
Bar Mitzvah attack exploits the Invariance Weakness in RC4
Bar Mitzvah is the name of a new attack on RC4-Based SSL/TLS encryption that allows disclosure of sensitive data by exploiting a 13-Year-Old Vulnerability. Both Secure Sockets Layer (SSL) and its...
A critical MiTM flaw in AFNetworking iOS, OS X framework was fixed
Security experts at Minded Security firm have recently discovered a flaw in the popular networking library for iOS and OS X AFNetworking. The researchers Simone Bovi and Mauro Gentile at the security...
PCI DSS 3.1 and SSLv3: It’s best time to remove the 20 year old SSL protocol
To address the risk PCI DSS 3.1 updates requirements 2.2.3, 2.3 and 4.1 to remove SSL and early TLS as examples of strong cryptography. “The National Institute of Standards and Technology (NIST) has...
Many HTTPs sites at risk of revealing their private keys because of a...
A number of recent discoveries suggest as more HTTPS websites, chat applications, and other services online are actualizing perfect forward secrecy. As per a Red Hat (a Linux distributor) security...
Businesses Using Millions of insecure SHA-1 Certificates
Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the...
The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0
On Thursday the OpenSSL Project fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity...
The cybersecurity firm Fox-IT disclosed a security breach that affected its...
Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies...
Three Sonic apps in the Google Play are leaking data to uncertified servers
According to a researcher from security firm Predeo, three Sonic apps in the Google Play published by SEGA leak users’ data to uncertified servers. According to a researcher from security firm Predeo,...
Ensuring best website security through SSL Certificate updates.
What are the advantages of adopting SSL certificates and why is it important to discover and analyze SSL certificates online? Secure Socket Layer (SSL) has gained weight with the increasing concern...
Chrome freezes PC running Windows OS after Windows 10 April update
Some Chrome users are reporting freezes and timeouts after the installation of the Windows 10 April Update; let’s see what has happened. After the installation of Windows 10 April Update I observed...
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions
IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms. The Internet Engineering Task Force...