'Heartbleed' computer bug threat spreads to firewalls and beyond - dofaq.com

Son of Heartbleed poses a major new threat to the internet

TechRadar - 20 Sep 2017
OptionsBleed is the name of a new major vulnerability which potentially threatens to expose data from servers in a similar sort of way that Heartbleed did a few years back. If you recall, Heartbleed was the critical bug which made headlines in 2014, ...

Apache vulnerability is reported

Tech Xplore - 21 Sep 2017
So is this as bad as Heartbleed? Böck said it is not, as "this bug leaks only small chunks of memory and more importantly only affects a small number of hosts by default." But, he added, "It's still a pretty bad bug, particularly for shared hosting ...

Apache patches 'OptionsBleed' web server info leak bug

iTnews - 19 Sep 2017
On further investigation, Böck noted that the data returned looked similar to what happens with the Heartbleed bug in the OpenSSL cryptographic library, which attackers can use to leak server memory to obtain secrets such as digital keys. With the help ...

The Apache “Optionsbleed” security hole explained [VIDEO]

Naked Security - 20 Sep 2017
(If one leakage is an optionsbleed, we don't know what two of them are called: optionsbleeds, perhaps?) Although the bug isn't as dramatic or quite as dangerous as Heartbleed, it's still a security vulnerability. And any vulnerability by which you ...

Apacheにメモリ漏洩の脆弱性「Optionsbleed」 - 「Heartbleed」直後に判明するも修正されず

Security NEXT - 21 Sep 2017
脆弱性を公表したフリーランスライターのHanno Böck氏は、同脆弱性を「Optionsbleed」と命名。さらに「Heartbleed」の発見後に発表された2014年5月に発表された論文で同脆弱性が言及されていたことも判明。これまで脆弱性として認識されず、修正されてこなかったという。

Risks Limited With Latest Apache Bug, Optionsbleed

Threatpost - 19 Sep 2017
But the risk is most pressing only in shared hosting environments apparently, and only if the software is running a certain rare configuration. Details of the bug, which has been called Optionsbleed given its similarity to Heartbleed and other ...

Heartbleed Persists on 200000 Servers, Devices

Threatpost - 23 Jan 2017
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are ...

That Heartbleed problem may be more pervasive than you think

Network World - 27 Jan 2017
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet ...

The hidden threat lurking in an otherwise secure software stack

TheServerSide.com - 29 Aug 2017
"If you look at GitHub today and look at the OpenSSL project, you'll see that over 2500 or 2600 different OpenSSL forks have occurred," If a vulnerability in the OpenSSL system occurs, as it did when the Heartbleed bug rose to fame, only the mainline, ...

Heartbleed vs. WannaCry: A tale of two cyber attacks

FederalNewsRadio.com - 22 May 2017
If there was ever a case to be made for why agencies and organizations invest in cybersecurity protections, look no further than the recent WannaCry ransomware attack. The federal government came away unscathed by the malware that hit more than 300 ...

Security Insider Interview Series: Tom Brandl, CISO of Neustar

CSO Online - 14 Sep 2017
A WAF also helps rapidly implement defense against newly released vulnerabilities, like Heartbleed. What are the most dangerous new attacks against which organizations must defend themselves? The pace at which vulnerabilities are discovered increases ...

ICO Fines Gloucester Council £100K After Heartbleed Snafu

Infosecurity Magazine - 13 Jun 2017
Data protection watchdog the Information Commissioner's Office (ICO) has fined Gloucester City Council a whopping £100,000 after it failed to protect against the Heartbleed bug, resulting in the theft of sensitive info on council employees. A cyber ...

Is Open Source Secure?

CSO Australia - 14 Sep 2017
With ransomware attacks and security breaches impacting organisations globally on a regular basis, security is very much front and centre of every CSO's agenda. Known vulnerabilities like Heartbleed and the SMB vulnerability exploited in the WannaCry ...

Editorial: The Calm Before The Storm - Remain Safe

Bahamas Tribune - 09 Sep 2017
To hear them would have made one's heart bleed, their cry was a cry of fear – a call for help. Over the years, we have only seen this behaviour when a hurricane was about to form. Man was as yet unaware of the danger, but nature had shared its secret ...

What's New