FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

OpenSSL Fixes Multiple New Security Flaws with Latest Update

By Ravie Lakshmanan
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked asΒ CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

By Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) hasΒ publishedΒ four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

By Ravie Lakshmanan
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

By Ravie Lakshmanan
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of theΒ OpenSSLΒ cryptographic library, underscoring a supply chain risk. EFI Development Kit, akaΒ EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in

The OpenSSL security update story – how can you tell what needs fixing?

By Paul Ducklin
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...

ossl-code-1200

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

By Paul Ducklin
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

By Ravie Lakshmanan
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked asΒ CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email

OpenSSL fixes two β€œone-liner” crypto bugs – what you need to know

By Paul Ducklin
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

By Ravie Lakshmanan
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSLΒ version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with theΒ AVX-512Β instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. <!--adsense--> Security

OpenSSL issues a bugfix for the previous bugfix

By Paul Ducklin
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

❌