#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

POODLE | Breaking Cybersecurity News | The Hacker News

Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

Sep 19, 2015
It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication
POODLE SSL Vulnerability Now Attacking TLS Security Protocol

POODLE SSL Vulnerability Now Attacking TLS Security Protocol

Dec 09, 2014
POODLE , a critical SSL flaw discovered in October that was patched and fixed by webmasters around the world after Google alerted software and hardware vendors, has again made its way and this time the vulnerability affects implementations of the newer Transport Layer Security (TLS) protocol . Yes, the serious POODLE vulnerability that affected the most widely used web encryption standard Secure Sockets Layer (SSL) 3.0 has once again returned and is likely to affect some of the most popular web sites in the world — including those owned or operated by Bank of America, the US Department of Veteran's Affairs, and Accenture. POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw, disclosed two months ago by Google security team, allowed attackers to perform Man-in-the-Middle (MitM) attack in order to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies. Now, the dangerous flaw
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Google Releases 'nogotofail' Network Traffic Security Testing Tool

Google Releases 'nogotofail' Network Traffic Security Testing Tool

Nov 05, 2014
Google introduced a new security tool to help developers detect bugs and security glitches in the network traffic security that may leave passwords and other sensitive information open to snooping. The open source tool, dubbed as Nogotofail , has been launched by the technology giant in sake of a number of vulnerabilities discovered in the implementation of the transport layer security, from the most critical Heartbleed bug in OpenSSL to the Apple's gotofail bug to the recent POODLE bug in SSL version 3. The company has made the Nogotofail tool available on GitHub, so that so anyone can test their applications, contribute new features to the project, provide support for more platforms, and help improve the security of the internet. Android security engineer Chad Brubaker said that the Nogotofail main purpose is to confirm that internet-connected devices and applications aren't vulnerable to transport layer security (TLS) and Secure Sockets Layer (SSL) encry
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released

Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released

Oct 18, 2014
Tor - Privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, Tor version 4.0 , which disables SSL3 to prevent POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls. Tor is generally thought to be a place where users come online to hide their activities and remain anonymous. Tor is an encrypted anonymizing network considered to be one of the most privacy oriented service and is mostly used by activists, journalists to circumvent online censorship and surveillance efforts by various countries. The popularity of the tool can be estimated by the recent announcement of an Internet router called Anonabox which was the highest crowd funded project on Kickstarter this week, generating more than $500,000 in funding since its launch on Monday. Tor privacy router Anonabox is designed to make all your online activity anonymous and conceal yo
POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Oct 15, 2014
Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to "fallback" to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll
Cybersecurity Resources