A “new” and important vulnerability has been discovered that affects HTTPS and other services that rely on SSL/TLS implementations. This flaw is in the SSLv2 protocol, and affects all implementations. Researchers refer to this attack as DROWN – short for “Decrypting RSA using Obsolete and Weakened eNcryption”. This attack allows attackers to read or steal information sent via the “secure” connection. No attacks in the wild are currently known.
Read MoreA vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with “high severity”, the vulnerability allows attackers to use certificates to produce other valid Certificates even…
Read MoreHow secure is online public communication? Last May, a paper was published that discusses about the Diffie-Helman (DH) crypto-strength deployment, which gives strong evidence that the current DH usage is weak and suggests that 1024-bit size parameters can be broken with a nation stateâs computing power resources. The paper presents possible scenarios where such an incident could occur. They found,…
Read MoreOn March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks. CVE-2015-17187…
Read MoreSecurity researchers and news outlets are reporting about a newly discovered vulnerability believed to exist since the 90s. This vulnerability, dubbed as FREAK (Factoring RSA Export Keys), forces a secure connection to use weaker encryptionâmaking it easy for cybercriminals to decrypt sensitive information. Vulnerable since the 1990s The flaw came about in the 1990s. Back…
Read More