HackDig : Dig high-quality web security articles for hackers

The mystery of the expiring Sectigo web certificate

by Paul Ducklin. There’s a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority. Expired certificates are a problem because they cause the web server that relies on them to show up as “invalid” to any program
Publish At:2020-06-02 14:55 | Read:242 | Comments:0 | Tags:Cryptography chain of trust openssl Sectigo SSL TLS

Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs—debunking their myths, explaining their actual capabilities, and providing some advice on what makes a strong VPN. Tune in for all this and m
Publish At:2020-05-03 14:39 | Read:347 | Comments:0 | Tags:A week in security android trojan biometrics bots iOS mail b

OpenSSL Project fixed high-severity CVE-2020-1967 DoS issue in OpenSSL

The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue ad
Publish At:2020-04-21 13:45 | Read:767 | Comments:0 | Tags:Breaking News Security CVE-2020-1967 DOS Hacking hacking new

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:1388 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0

On Thursday the OpenSSL Project fixed a high-severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high-severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severit
Publish At:2017-02-16 18:05 | Read:3355 | Comments:0 | Tags:Breaking News Hacking Security CVE-2017-3733 OpenSSL SSL TLS

Roughly 200,000 Devices still affected by the Heartbleed vulnerability

More than two years after the disclosure of the Heartbleed bug, 200,000 services are still affected. There are still too many systems susceptible to Heartbleed attacks: although the flaw was discovered in 2014, nearly 200,000 systems are still affected. Shodan made a similar search in November 2015, when it found 238,000 results, the number dropped to 237,539 resul
Publish At:2017-01-23 22:35 | Read:4278 | Comments:0 | Tags:Breaking News Hacking Reports Security CVE-2014-0160 encrypt

OpenSSL Project fixed the CVE-2016-7054 High severity DoS bug

The OpenSSL Project has released the OpenSSL 1.1.0c update that addresses several vulnerabilities, including a high-severity DoS flaw (CVE-2016-7054). The OpenSSL Project has released an update for the 1.1.0 branch (OpenSSL 1.1.0c) to fix a number of vulnerabilities. One of the issues solved with the update is the high severity denial-of-service (DoS) flaw C
Publish At:2016-11-13 01:00 | Read:3563 | Comments:0 | Tags:Breaking News Hacking Security CVE-2016-7054 DOS OpenSSL

Flawed MatrixSSL Code Highlights Need for Better IoT Update Practices

SSL is a primary layer of defense on the Internet that makes it possible to have authenticated private conversations even over an untrusted network. Implementing a robust and secure SSL stack, however, is not trivial. Mistakes can lead to large attack surfaces, such as what we witnessed with OpenSSL when “Heartbleed” was discovered. In the wake of “Heartbleed
Publish At:2016-10-11 01:55 | Read:7423 | Comments:0 | Tags:Cyber Security Featured Articles Heartbleed Internet of Thin

CVE-2016-2107 OpenSSL Flaw still affects many Alexa Top Sites

According to the security firm High-Tech Bridge many of the Alexa Top 10,000 websites are still vulnerable to the OpenSSL flaw CVE-2016-2107. The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging on the ‘Padding Oracle Attack’ that can decrypt HTTPS traffic if the connection
Publish At:2016-05-31 15:05 | Read:3922 | Comments:0 | Tags:Breaking News Security CVE-2016-2107 encryption Hacking man-

A High-Severity flaw in OpenSSL allows the HTTPS Traffic decryption

OpenSSL has the patches for six flaws including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. OpenSSL just released several patches to fix vulnerabilities in the open-source cryptographic library, including a couple of high-severity flaws (CVE-2016-2107, CVE-2016-2108) that could be expl
Publish At:2016-05-05 18:35 | Read:4416 | Comments:0 | Tags:Breaking News Hacking Security encryption man-in-the-middle

Aging and bloated OpenSSL is purged of 2 high-severity bugs

Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers. The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect s
Publish At:2016-05-04 02:10 | Read:5595 | Comments:0 | Tags:Risk Assessment Technology Lab Uncategorized encryption HTTP

A severe flaw in OpenSSL allows hackers to decrypt HTTPS traffic

Developers of OpenSSL issued a patch that fixes a high-severity vulnerability that allows attackers to decrypt secure traffic. The development team at OpenSSL has issued a security patch to fix a flaw, tracked as CVE-2016-0701, that could be exploited by hackers to decrypt secure traffic. The flaw was reported on January 12
Publish At:2016-01-30 06:40 | Read:3483 | Comments:0 | Tags:Breaking News Hacking Security encryption LogJam OpenSSL sec

OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches

The OpenSSL Software Foundation patched four vulnerabilities in the cryptographic software library on Thursday, likely marking the last time that two older versions of the library will receive updates. The group announced back in December 2014 that it would cease support for two OpenSSL branches, 1.0.0 and 0.9.8, at the end of 2015. Yesterday, in a secu
Publish At:2015-12-04 17:45 | Read:3591 | Comments:0 | Tags:Vulnerabilities Web Security DoS OpenSSL OpenSSL updates Pat

Core Infrastructure Initiative Launches Open Source Security Badge Program

The Core Infrastructure Initiative (CII), a consortium of technology companies guided by The Linux Foundation, has thrown good money at solving the security woes of open source software. Since its inception last year, it has provided funding for the OpenSSL project allowing it to hire full-time help and audit and clean its codebase. It has also helped suppor
Publish At:2015-08-19 07:15 | Read:2749 | Comments:0 | Tags:Vulnerabilities Web Security Adam Shostack CII Core Infrastr

OpenSSL CVE-2015-1793: Separating Fact from Hype

A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with “high severity”, the vulnerability allows attack
Publish At:2015-07-16 23:05 | Read:4529 | Comments:0 | Tags:Vulnerabilities digital certificate HTTPS OpenSSL SSL vulner

