Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack.
Google has a new Chrome extension called “Password Alert”: To help keep your account safe, today we’re launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you’ve installed it, Password Alert will show you a warning if you type your Google password into a site that isn’t a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice
Vulnerability Note VU#534407 Barracuda Web Filter insecurely performs SSL inspection Original Release date: 28 Apr 2015 | Last revised: 28 Apr 2015 Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks , the Barracuda Web Filter is a “comprehensive solution for web security and management” with many features, including the ability to provide “visibility into SSL-encrypted traffic”. This SSL inspection feature of the Barracuda Web Filter is vulnerable to multiple issues
As if every week wasn’t busy enough with new information security (InfoSec) news, this week was the RSA Conference, which brings with it a whole new batch of security news. If you find yourself struggling to keep up, follow my daily or weekly videos to get a quick summary of the latest relevant news.
Teslacrypt is a form of ransomware that was first noted in January of this year [ 1 ]. This malware apparently targets video game-related files [ 2 , 3 , 4 ].
3 retweets 1 favorites
Original release date: April 06, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information.