The Intercept has a new story on the CIA’s — yes, the CIA, not the NSA — efforts to break encryption. These are from the Snowden documents, and talk about a conference called the Trusted Computing Base Jamboree. There are some interesting documents associated with the article, but not a lot of hard information.
Original release date: March 10, 2015. Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. These vulnerabilities could allow remote code execution, spoofing, security feature bypass, denial of service, elevation of privilege, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates.
Vulnerability Note VU#243585: SSL/TLS implementations accept export-grade RSA keys (FREAK attack). Original release date: 06 Mar 2015 | Last revised: 06 Mar 2015. Overview: Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export-grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the “FREAK” (Factoring Attack on RSA-EXPORT Keys) attack.
October 2014 saw the beginning of an e-mail campaign spamming malicious Microsoft Office documents.
Original release date: March 02, 2015. The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions.
This video demonstrates how to use content packs in McAfee Enterprise Security Manager. Content packs allow you to see prepackaged sets of views, alarms, reports, watchlists, variables, and…
Original release date: February 24, 2015. Linux and Unix-based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected.