POODLE SSL Attack | Breaking Cybersecurity News | The Hacker News

Attention Please! System Administrator and anyone relying on OpenSSL should be prepared to switch to a new version of the open-source crypto library that will be released this Thursday 9th July. OpenSSL is a widely used open-source software library that provides encrypted Internet connections using SSL/TLS for majority of websites, as well as other secure services. The new versions of OpenSSL crypto library, versions 1.0.2d and 1.0.1p , address a single security vulnerability classified as "high severity," the OpenSSL Project Team announced on Monday. There isn't more details about the mystery security vulnerability available yet, except for the fact that the security vulnerability doesn't affect the 1.0.0 or 0.9.8 series. "The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p," developer Mark J Cox announced in a mailing list note published yesterday. "These releases will be

The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated " high " severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a , 1.0.1m , 1.0.0r , and 0.9.8zf will be released Thursday. " These releases will be made available on 19th March ," Caswell wrote. " They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity. " OpenSSL is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. Further details on the mystery security vulnerabilities ( CVE-2015-02

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the  SaaS shadow IT  of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI  with little regard for established IT and cybersecurity review procedures. Considering  ChatGPT's meteoric rise to 100 million users within 60 days of launch , especially with little sales and marketing fanfare, employee-driven demand for AI tools will only escalate.  As new studies show  some workers boost productivity by 40% using generative AI , the pressure for CISOs and their teams to fast-track AI adoption — and turn a blind eye to unsanctioned AI tool usage — is intensifying.  But succumbing to these pressures can introduce serious SaaS data leakage and breach risks, particularly as employees flock to AI tools developed by small businesses, solopreneurs, and indie developers. AI Security Guide Download AppOmni's CISO Guide to AI Security - Part 1 AI evoke

POODLE , a critical SSL flaw discovered in October that was patched and fixed by webmasters around the world after Google alerted software and hardware vendors, has again made its way and this time the vulnerability affects implementations of the newer Transport Layer Security (TLS) protocol . Yes, the serious POODLE vulnerability that affected the most widely used web encryption standard Secure Sockets Layer (SSL) 3.0 has once again returned and is likely to affect some of the most popular web sites in the world — including those owned or operated by Bank of America, the US Department of Veteran's Affairs, and Accenture. POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw, disclosed two months ago by Google security team, allowed attackers to perform Man-in-the-Middle (MitM) attack in order to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies. Now, the dangerous flaw