The OpenSSL team released a security update that fixes 6 vulnerabilities, two of which could be considered critical. The first one is an SSL/TLS MITM vulnerability (CVE-2014-0224). “An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can Continue Reading

Apache recently patched Tomcat, fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container. The denial of service bug, discovered in February by David Jorm of the Red Hat Security Response Team, could have allowed an attacker to Continue Reading

The Heartbleed attack that left encrypted data vulnerable to theft is still causing problems, according to a new report. Luis Grangeia, partner and security services manager at information security firm SysValue, claims to have found a new vector that leaves wireless routers and Android devices vulnerable to attack. Dubbed “Cupid”, Continue Reading

Microsoft has warned Windows XP users against using a hack that tricks the company’s servers into applying security patches to the now-unsupported operating system. The workaround first appeared on a forum website called Sebijk, which revealed how making a small change in XP’s registry will fool Microsoft’s upgrade servers into Continue Reading

Hewlett Packard’s Zero Day Initiative has released information about a zero-day vulnerability in Internet Explorer 8 that empowers the attacker to remotely execute code. The bug was discovered by Peter ‘corelanc0d3r’ Van Eeckhoutte of the Corelan Team. ZDI disclosed the vulnerability to Microsoft in October, which confirmed it in February. Continue Reading