This week a research team found vulnerabilities in a remote control communication protocol that would allow them to crash or ground quadcopters. What does hacking a drone have to do with information security? Watch today's video to find out. (Episode Runtime: 2:27) Direct YouTube Link: https://www.youtube.com/watch?v=fcCtAdYorrY EPISODE REFERENCES: Researcher post about … [Read more...]
Don't Be 'fraid of No GHOST; Glibc Vulnerability
During the blog downtime, observant security practitioners probably read about a serious new vulnerabilities called GHOST, which affects all Linux-based systems to some extent. I actually covered GHOST already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here. GHOST is the name Qualys gave to a newly reported … [Read more...]
How to Neuter POODLE (New SSL Vulnerability)
Surprise, surprise... Researcher's have found yet another OpenSSL vulnerability. They've named this one POODLE. Silly name, I know, but at least it stands for something—Padding Oracle On Downgraded Legacy Encryption. In short, POODLE is a protocol level cryptography flaw in Secure Sockets Layer version 3 (SSLv3), which is one of the many encryption protocols available … [Read more...]
OpenSSL Patches Six Vulnerabilities, Including a MitM Flaw
Today, the OpenSSL team released a critical update for their popular SSL/TLS package, which fixes six security vulnerabilities in their product, including a relatively serious Man-in-the-Middle (MitM) flaw. If you use OpenSSL, you should read up on these issues and update OpenSSL immediately. WatchGuard products, like many others that use OpenSSL, are affected by these issues … [Read more...]
UPDATE TO: Advanced Attackers Exploit IE 0day in the Wild
Severity: High Summary: This vulnerability affects: All versions of Internet Explorer (IE) How an attacker exploits it: By enticing a user to visit web site containing malicious content Impact: An attacker can execute code with your privileges, potentially gaining complete control of your computer What to do: Install Microsoft's emergency IE patch immediately, or let … [Read more...]