430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

OpenSSL announced fix for mystery high critical vulnerability

New versions of OpenSSL will be released on Thursday to patch critical security vulnerabilities, one of which is considered very dangerous. The OpenSSL Project Team announced in an advisory published on Monday that new versions of OpenSSL will be released on Thursday to patch several security vulnerabilities. The disconcerting news is that at least one of them […]

OpenSSL announced fix for mystery high critical vulnerability

New versions of OpenSSL will be released on Thursday to patch critical security vulnerabilities, one of which is considered very dangerous.

The OpenSSL Project Team announced in an advisory published on Monday that new versions of OpenSSL will be released on Thursday to patch several security vulnerabilities. The disconcerting news is that at least one of them is considered highly serious, according to the OpenSSL Project Team.

OpenSSL member Matt Caswell reported the existence of the vulnerability in a mailing list note.

“The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.  These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as “high” severity. ” states the advisory

According to the advisory, the updates will be included in the OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.

openssl

The public advisory did not provide details of the vulnerabilities that will be fixed to avoid that hackers in the wild could exploit them.

In 2014, the security experts discovered numerous flaws in the OpenSSL library which is widely used as the implementation of the SSL and TLS protocols. The most popular is the Heartbleed flaw that was discovered in April 2014, which could be exploited by attackers to steal memory content from a vulnerable server, potentially exposing sensitive data like login credentials and cryptographic keys.

Another vulnerability recently discovered, FREAK, affects the software threatening the security of encrypted connections.

In response to the security issues emerged with the encryption libraries, major vendors are funding the Core Infrastructure Initiative, a multi-million dollar project housed at The Linux Foundation “to fund open source projects that are in the critical path for core computing functions“.

Pierluigi Paganini

(Security Affairs –  OpenSSL, security)