
DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk

  • Posted on: March 2, 2016 at 2:29 pm
  • Posted in: Exploits, Vulnerabilities
  • Author: Virendra Bisht (Vulnerability Researcher)

A “new” and important vulnerability has been discovered that affects HTTPS and other services that rely on SSL/TLS implementations. This flaw is in the SSLv2 protocol, and affects all implementations. Researchers refer to this attack as DROWN – short for “Decrypting RSA using Obsolete and Weakened eNcryption”. This attack allows attackers to read or steal information sent via the “secure” connection. No attacks in the wild are currently known.

Tags: CVE-2015-3197, CVE-2016-0703, CVE-2016-0800, DROWN, OpenSSL, SSL/TLS, SSLv2

OpenSSL CVE-2015-1793: Separating Fact from Hype

  • Posted on: July 16, 2015 at 2:33 am
  • Posted in: Vulnerabilities
  • Author: William Gamazo Sanchez (Vulnerability Research)

A vulnerability that allows attackers to create malicious certificates without depending on any external, trustworthy CAs was fixed in the newest version of the open-source software OpenSSL, released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated “high severity”, the vulnerability allows attackers to use certificates to produce other valid certificates even…

Tags: digital certificate, HTTPS, OpenSSL, SSL, vulnerability

Are Secure Communications Really Secure? Government Sites Affected by Weak DHE

  • Posted on: July 10, 2015 at 7:27 am
  • Posted in: Bad Sites
  • Author: William Gamazo Sanchez (Vulnerability Research)

How secure is online public communication? Last May, a paper was published that discusses the cryptographic strength of deployed Diffie-Hellman (DH). It gives strong evidence that current DH usage is weak and suggests that 1024-bit parameters can be broken with a nation state’s computing resources. The paper presents possible scenarios where such an incident could occur. They found,…

Tags: cryptography, DHE, HTTPS, man in the middle, OpenSSL, privacy, SSL, TLS

Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787

  • Posted on: April 15, 2015 at 2:05 pm
  • Posted in: Vulnerabilities
  • Author: William Gamazo Sanchez (Vulnerability Research)

On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with the OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against possible future attacks. CVE-2015-1787…

Tags: CVE-2015-1787, denial of service attacks, OpenSSL

FREAK Vulnerability Forces Weaker Encryption

  • Posted on: March 4, 2015 at 1:54 pm
  • Posted in: Vulnerabilities
  • Author: Trend Micro

Security researchers and news outlets are reporting on a newly discovered vulnerability believed to have existed since the 90s. This vulnerability, dubbed FREAK (Factoring RSA Export Keys), forces a secure connection to use weaker encryption, making it easy for cybercriminals to decrypt sensitive information.

Vulnerable since the 1990s

The flaw came about in the 1990s. Back…

Tags: android, Apple, CVE-2015-0204, FREAK, OpenSSL