OpenSSL fixes 2 High risk vulnerabilities (CVE-2022-3786 and CVE-2022-3602)
OpenSSL has released a security update with fixes for two High risk vulnerabilities (CVE-2022-3786 and CVE-2022-3602).
TLS
ISC fixes High risk BIND vulnerability (CVE-2022-1183)
The Internet Systems Consortium (ISC) has released a security update that fixes a High risk vulnerability CVE-2022-1183 in multiple versions of ISC Berkeley Internet Name Domain (BIND).
Mozilla patches Critical memory corruption vulnerability in NSS
The Mozilla Foundation has patched a memory corruption vulnerability CVE-2021-43527 in network security services (NSS) via DER-encoded DSA and RSA-PSS signatures.
NSA and CISA release guidance on securing remote access VPNs
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.
NSA: New guidance to eliminate obsolete TLS protocols
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
GnuTLS patches TLS vulnerability that could cause MITM attack
The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
NIST SP 800-177: New Email Security Guidelines To Combat Phishing Threats
The NIST standard, SP 800-177 Revision 1, Trustworthy Email (Draft) was released last month and offers up-to-date security guidance to include SPF, DKIM, DMARC, and email digital signatures and encryption (via S/MIME), among others.
NIST SP 800-177 Revision 1: “Trustworthy Email”
The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.
Google public DNS service now supports DNS-over-TLS
Google announced a major security enhancement to its public Domain Name Service (DNS), the most widely used public DNS recursive resolver service used on the internet.
TLS 1.3 protocol is officially standard
The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.