Two Vulnerabilities Patched in OpenSSL

The OpenSSL Project announced on Thursday the availability of OpenSSL 1.0.2n, a version that patches two vulnerabilities discovered by a Google researcher.

The flaws were identified by Google’s David Benjamin using the search giant’s OSS-Fuzz fuzzing service.

One of the security holes, CVE-2017-3737, is related to an “error state” mechanism introduced with OpenSSL 1.0.2b. The mechanism is designed to trigger an immediate failure if there is an attempt to continue a handshake after a fatal error has occurred. The problem is that if the SSL_read() or SSL_write() functions are called directly, the mechanism doesn’t work properly.

“If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer,” OpenSSL said in its advisory.

While this vulnerability could have serious implications, it has only been rated “moderate severity” due to the...(continued)
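An added example, not part of the article or of OpenSSL: a small triage script that sorts `openssl version` banners by the two version bounds the article gives for CVE-2017-3737 (error state introduced in 1.0.2b, fix in 1.0.2n). The hostnames, sample banners, function names and verdict labels are assumptions made for the example.

```python
import re

# Bounds from the article: the error-state mechanism arrived in 1.0.2b and
# 1.0.2n carries the fix. Other branches are not assessed (the article is silent).
BRANCH = (1, 0, 2)
INTRODUCED, FIXED = "b", "n"

_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

def _letter_key(suffix):
    # Patch letters run a..z and then za, zb, ...; order by length, then text.
    s = suffix.lower()
    return (len(s), s)

def classify(banner):
    """Classify an `openssl version` banner against CVE-2017-3737."""
    m = _BANNER.search(banner)
    if not m:
        return "unparsed"
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    if branch != BRANCH:
        return "not-assessed"
    key = _letter_key(m.group(4))
    if key < _letter_key(INTRODUCED):
        return "predates-error-state"
    if key < _letter_key(FIXED):
        return "affected-range"
    return "fixed"

# Constructed inventory lines (hostnames and banners are made up for the example).
SAMPLE_INVENTORY = [
    ("web01", "OpenSSL 1.0.2m  2 Nov 2017"),
    ("web02", "OpenSSL 1.0.2n  7 Dec 2017"),
    ("db01", "OpenSSL 1.0.2k-fips  26 Jan 2017"),
    ("old01", "OpenSSL 1.0.2a 19 Mar 2015"),
    ("app01", "OpenSSL 1.1.0g  2 Nov 2017"),
    ("misc", "LibreSSL 2.6.3"),
]

def report(inventory=SAMPLE_INVENTORY):
    return {host: classify(banner) for host, banner in inventory}

if __name__ == "__main__":
    for host, verdict in report().items():
        print(f"{host:6} {verdict}")
```

Vendor builds often backport fixes without changing the version letter, so an "affected-range" verdict is a prompt to check the package changelog rather than proof that the build is unpatched.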
