'Heartbleed' computer bug threat spreads to firewalls and beyond - dofaq.com

Cryptocurrencies Are at Greater Risk of Being Hacked

TheStreet.com - 21 Nov 2017
Hackers are focusing on attacking vulnerable implementations of these algorithms such as the ones found in SSLStrip, Heartbleed and Padding Oracle, said Jared Nishikawa, director of immersive programs at SecureSet, a Denver-based immersive, ...

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Security Boulevard - 17 Nov 2017
One of the critical vulnerabilities, CVE-2017-10272, enables attackers to extract data from the memory of a server and was dubbed JOLTandBLEED by the ERPScan researchers because its impact is similar to that of the Heartbleed flaw found in TLS in 2014.

Giving Open-Source Projects Life After a Developer's Death

WIRED - 06 Nov 2017
That can create big problems, as in 2014 when a security vulnerability known as "Heartbleed" was found in OpenSSL, an open-source program used by nearly every website that processes credit- or debit-card payments. The software comes bundled with ...

Open source developers getting better at secure practices

ITWeb - 16 Nov 2017
While static analysis has been extremely beneficial for improving the quality and security of OSS, other software integrity techniques (such as software fuzzing, used to verify the existence of Heartbleed) in combination with broader project health ...

Son of Heartbleed poses a major new threat to the internet

TechRadar - 20 Sep 2017
OptionsBleed is the name of a new major vulnerability which potentially threatens to expose data from servers in a similar sort of way that Heartbleed did a few years back. If you recall, Heartbleed was the critical bug which made headlines in 2014, ...

Heartbleed vs. WannaCry: A tale of two cyber attacks

FederalNewsRadio.com - 22 May 2017
If there was ever a case to be made for why agencies and organizations invest in cybersecurity protections, look no further than the recent WannaCry ransomware attack. The federal government came away unscathed by the malware that hit more than 300 ...

That Heartbleed problem may be more pervasive than you think

Network World - 27 Jan 2017
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet ...

Heartbleed Persists on 200000 Servers, Devices

Threatpost - 23 Jan 2017
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are ...

Council fined £100000 for Heartbleed security failures

The INQUIRER - 13 Jun 2017
THE UK INFORMATION COMMISSIONER'S OFFICE (ICO) has done what it occasionally does and fined an outfit for not properly handling data and falling victim to Heartbleed. The ICO has fined Gloucester City Council £100,000 because an attacker ...

Gloucester City Council fined £100000 over Heartbleed hack

IT PRO - 14 Jun 2017
Gloucester City Council has been hit with a £100,000 fine after a hacker downloaded 30,000 emails containing employees' personal information. In July 2014, a hacker "took advantage of a weakness in the council's website" to gain direct access to the ...

Thinking about Bugs

Lexology - 31 Oct 2017
The infamous Heartbleed bug in the OpenSSL open source cryptographic software library left millions of websites at risk. Notably, for anything other than the most simple systems, assessing the criticality and implications of implementing security ...

Heartbleed bug still affects thousands of sites

ZDNet - 25 Jan 2017
The bug, known as Heartbleed (but formally designated CVE-2014-0160), was found in an earlier version of OpenSSL, a common open-source cryptographic library. Researchers say the flaw could allow an attacker to reveal the contents of encrypted data ...

What's New