Cybercriminals use proxies and configurations to launch credential stuffing attacks
The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.
SSL
NSA: New guidance to eliminate obsolete TLS protocols
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
OpenSSL patches High risk vulnerability (CVE-2020-1971)
OpenSSL patched a high severity vulnerability CVE-2020-1971 in certain OpenSSL versions. As a result, a bad actor could exploit and launch a Denial of Service attack against impacted systems.
GnuTLS patches TLS vulnerability that could cause MITM attack
The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
Critical Point-to-Point Protocol Daemon (pppd) vulnerability
Researchers at the CERT Coordination Center (CERT/CC) have released details on a critical Point-to-Point Protocol Daemon (pppd) vulnerability CVE-2020-8597.
APT attackers exploit multiple VPN software vulnerabilities
Security experts are again warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in multiple Virtual Private Network (VPN) applications.
NIST SP 800-177: New Email Security Guidelines To Combat Phishing Threats
The NIST standard, SP 800-177 Revision 1, Trustworthy Email (Draft) was released last month and offers up-to-date security guidance to include SPF, DKIM, DMARC, and email digital signatures and encryption (via S/MIME), among others.
DNS hijacking cyber attacks on domains worldwide
Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe.
TLS 1.3 protocol is officially standard
The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.
Chrome 68 security updates
Google released Chrome 68 (68.0.3440.70) for Android and will be available on Google Play in the upcoming weeks. The update includes a fix for an Autofill issue.